Trojaner-Board

Kowalski1 14.02.2012 17:40

Windows was blocked
 
Hello,

yesterday I had the problem that many people are having at the moment: Windows was blocked when I go online. I ran a System Restore and afterwards I could get onto the Internet again, but I think that probably not everything was deleted, so I would like to ask for help here :)

I have Windows Vista 32-bit installed and AntiVir with all available updates. (If I have forgotten anything important, please let me know.)

I would only do a System Restore in the greatest emergency, since I have to work with the PC and would otherwise surely lose quite a bit of time.

Many thanks in advance for all replies :)

Chris4You 14.02.2012 17:55

Hi,

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Double-click OTL.exe
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

and

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files ("Aktualisierungen" tab -> "Suche nach Aktualisierungen")
Full scan and have everything cleaned! Post the log.

chris

Kowalski1 14.02.2012 19:56

Here are the OTL logs for now; Malwarebytes Antimalware is still running.

OTL Logfile:
Code:

OTL logfile created on: 14.02.2012 19:14:12 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 48,27% Memory free
10,98 Gb Paging File | 9,45 Gb Available in Paging File | 86,03% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 71,01 Gb Free Space | 36,36% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 23,09 Gb Free Space | 8,54% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxbccoms.exe ( )
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\avutil-51.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\avformat-53.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\avcodec-53.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\APPLIC~1\140835~1.163\gcswf32.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
MOD - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (BVWYVEOMKJJ) --  File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (postgresql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (TunngleService) -- D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (DAUpdaterSvc) -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( )
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - SOFTWARE\Classes\CLSID\\LocalServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wieistmeineip.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f.2: C:\Program Files\Dyyno\Dyyno Player\npvlc.dll (Dyyno)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.30 19:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.30 21:51:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.22 17:14:35 | 000,000,000 | ---D | M]
 
[2009.01.23 17:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2012.02.13 13:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions
[2010.03.19 20:36:29 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011.02.02 19:41:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.26 18:52:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.15 14:42:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.30 19:50:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.23 10:42:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.03.03 13:30:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.14 18:45:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\moveplayer@movenetworks.com
[2009.04.20 14:36:41 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\NPDyyno@dyyno.com
[2010.10.20 19:48:50 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\vshare@toolbar
[2010.01.23 12:35:03 | 000,002,321 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\dictcc.xml
[2009.06.15 20:46:47 | 000,002,030 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\myvideo-suche-.xml
[2009.07.11 11:04:46 | 000,000,727 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\phpnet.xml
[2009.01.23 18:10:53 | 000,002,108 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\youtube-videosuche.xml
[2012.02.13 13:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.29 12:33:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.16 22:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.16 13:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.02.19 09:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009.06.05 15:55:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.23 14:39:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2011.03.16 22:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.16 13:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.12.30 19:41:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.21 00:20:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.21 00:20:52 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.21 00:20:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.21 00:20:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.21 00:20:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Dyyno Player Plugin (Enabled) = C:\Program Files\Dyyno\Dyyno Player\npvlc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2012.02.11 21:16:46 | 000,449,370 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 15445 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll ( )
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DE9F9EF-8DB8-41C2-8A1F-AF77E3B8D7FB}: NameServer = 195.50.140.246 195.50.140.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E65DDC-D557-4A3C-93DC-0488FAD00A79}: DhcpNameServer = 92.241.168.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell - "" = AutoRun
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell - "" = AutoRun
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell\AutoRun\command - "" = H:\steambackup2.EXE
O33 - MountPoints2\{bd6b5189-dd92-11de-b351-dcac2bc18593}\Shell\AutoRun\command - "" = krwyrv0d.exe
O33 - MountPoints2\{bd6b5189-dd92-11de-b351-dcac2bc18593}\Shell\open\Command - "" = krwyrv0d.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.14 19:12:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2012.02.14 19:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.14 19:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.14 19:11:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.14 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.14 17:58:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012.02.13 17:59:32 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Avira
[2012.02.13 17:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.13 17:58:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.13 17:58:04 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 17:58:04 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.13 17:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.13 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2009.01.29 19:28:27 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll
[2009.01.26 14:40:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2009.01.26 14:40:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2009.01.26 14:40:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2009.01.26 14:40:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2009.01.26 14:40:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2009.01.26 14:40:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2009.01.26 14:40:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe
[2009.01.26 14:40:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2009.01.26 14:40:49 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2009.01.26 14:40:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe
[2009.01.26 14:40:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe
[2009.01.26 14:40:49 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2009.01.26 14:40:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2009.01.26 14:40:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.14 19:11:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.14 18:54:19 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 18:54:18 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 18:54:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.14 18:54:09 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.14 18:52:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.02.14 17:58:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012.02.14 13:08:07 | 000,026,650 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2012.02.14 12:42:58 | 000,002,623 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Word.lnk
[2012.02.13 21:58:50 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.13 17:58:20 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.13 16:27:54 | 000,000,404 | ---- | M] () -- C:\Windows\LEXSTAT.INI
[2012.02.12 21:23:24 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.02.12 21:23:24 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.02.11 21:16:46 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.02.08 19:32:27 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120211-211646.backup
[2012.02.07 14:30:18 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120208-193227.backup
[2012.02.05 18:52:43 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120207-143018.backup
[2012.02.01 14:50:51 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120205-185243.backup
[2012.01.29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.26 19:09:46 | 000,699,116 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.26 19:09:46 | 000,655,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.26 19:09:46 | 000,156,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.26 19:09:46 | 000,128,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.26 19:09:25 | 000,154,624 | ---- | M] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.25 19:39:51 | 000,449,124 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120201-145051.backup
[2012.01.25 12:12:05 | 000,448,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120125-193951.backup
[2012.01.20 12:17:25 | 000,448,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120125-121205.backup
[2012.01.20 11:01:22 | 000,448,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120120-121725.backup
[2012.01.19 12:15:24 | 000,448,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120120-110122.backup
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.14 19:11:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 17:58:20 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.13 16:57:59 | 3488,735,232 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.15 05:39:42 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.01 18:35:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.12 22:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.06.01 13:45:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.06.01 13:45:52 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.05.26 20:17:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.26 20:17:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.12 20:46:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.01.13 18:18:15 | 000,000,365 | ---- | C] () -- C:\Users\Kevin\AppData\Local\postgresinstall.bat
[2011.01.04 15:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 15:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 15:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 15:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 15:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010.05.26 19:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.04.28 20:31:06 | 000,000,068 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.05 18:47:36 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.02.27 13:08:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.23 16:13:27 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.01.27 20:46:45 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.29 12:32:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.23 20:40:51 | 000,000,762 | ---- | C] () -- C:\Windows\Edofma.INI
[2009.08.28 13:25:32 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.23 19:20:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.05.29 17:36:24 | 000,086,250 | ---- | C] () -- C:\Windows\wininit.ini
[2009.05.27 17:23:04 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2009.05.12 12:32:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.03.22 21:18:35 | 000,134,989 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.03.15 19:22:50 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.29 20:02:15 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat
[2009.01.29 19:28:29 | 000,000,386 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Current.prx
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2009.01.26 14:40:49 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2009.01.26 11:19:30 | 000,026,650 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2009.01.26 11:15:43 | 000,001,187 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.26 10:43:49 | 000,000,404 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2009.01.25 18:14:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.01.25 18:14:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.01.23 17:21:26 | 000,154,624 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.23 17:10:00 | 000,138,056 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys
[2009.01.23 17:09:45 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.01.23 17:09:43 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.01.23 17:09:43 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.23 15:28:26 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.23 15:28:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.23 15:04:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.01.23 15:04:23 | 000,026,082 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.01.23 15:03:13 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2008.01.21 08:15:58 | 000,699,116 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,156,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,296,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,655,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,128,292 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.25 14:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[1999.01.22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:437DA1922D9BCD1B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A7D1EA69
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A064CECC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:41ADDB8A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:05EE1EEF

< End of report >

--- --- ---

Kowalski1 14.02.2012 19:57

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 14.02.2012 19:14:12 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 48,27% Memory free
10,98 Gb Paging File | 9,45 Gb Available in Paging File | 86,03% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 71,01 Gb Free Space | 36,36% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 23,09 Gb Free Space | 8,54% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BC15B64-C369-496B-A7D8-CFFFC4738F54}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93D28C7D-657A-4A6C-9A39-E8811B331A93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9B414A25-7921-4077-8A59-B68AA7302B3D}" = lport=6112 | protocol=6 | dir=in | name=6112 |
"{A380219C-62BF-43B3-A6B1-09D5BDF70280}" = lport=1338 | protocol=6 | dir=in | name=1338 |
"{AC91602A-E785-452B-8567-15E5539F3047}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C6D9711C-F8FC-4968-B369-15E51F4CA809}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{C84A652A-8EBA-4CB9-99A5-A971B83D8A81}" = lport=6112 | protocol=17 | dir=in | name=6112 |
"{DFEAD0CC-CDB7-455C-9249-93B9580096CA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{FDFCFF18-B31E-40CD-BD14-B5E380366C3A}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02260DC9-E8BB-4709-AE40-AC121E1B75C4}" = protocol=6 | dir=in | app=d:\program files\tunngle\tunngle.exe |
"{050717F2-A386-453C-9E2F-3E820C983899}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{0B15D919-5D5E-44A1-87D3-A138A09B8863}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
"{0CE501C0-FDCF-4D73-B12C-314C4B52CC81}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{102B6718-FC6C-417E-9224-A7EB457B3B58}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{10FAA7ED-BF56-49A0-9FE0-9B82B277744C}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{13EDE2F6-A665-4156-AF37-9447DE82A910}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe |
"{1711F7DC-8DB9-4F7A-8479-F04A13225919}" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe |
"{1B2A3F2F-1146-4727-97EA-2CCF7BD51B64}" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{2292A04C-B868-459D-B9FC-C131350CA1ED}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{23CEBD8A-3C1D-4B0E-882C-A4FCF90AB311}" = protocol=17 | dir=in | app=d:\program files\origin games\fifa 12\game\fifa.exe |
"{2424D9BB-DF60-4D8F-AE13-BC1FCB900C72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B8C018F-B057-4F7A-85A4-3ECF943216F9}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{3235C9BD-E643-4991-A705-710F9EA4A2D1}" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{3518C955-624F-496D-B0BA-B30391ADAA38}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{3630A9D1-6A51-4B39-BEC9-4D15CCD4DDC0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{36C40B64-DA14-4D51-8CCC-9BBDCAFA559D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39E71065-55BB-4394-BA3A-EF8F1A446F4A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{3A483245-06E6-43D5-8775-CE3D6B3036F7}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\empire total war\empire.exe |
"{3DA9F65D-0F1B-4AC4-93FF-931F8E04C48C}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{3E262613-34F5-40BC-9945-DD865C30B995}" = protocol=17 | dir=in | app=d:\program files\guild wars\gw.exe |
"{3EC05ED4-1271-4608-A9C0-5553C6A9AFD5}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{435BA85B-268F-4C94-9075-CEF504A1F201}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4A6297F7-5AAB-451F-AB63-6DCDC1EBEE4A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{4C9FDD42-5D44-4FC3-8E72-410A9266A9A5}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\holdemmanager.exe |
"{4E48D4A7-54F5-4CB8-BCE4-D3D267E2B647}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{538A5A86-8353-45C0-ACAC-0C5A64CDE326}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{563115A1-0AB3-403A-A358-8CC8169C7C92}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{64526B2B-07FE-4CB9-995A-EC99BD56CEC4}" = protocol=6 | dir=in | app=d:\program files\origin games\fifa 12\game\fifa.exe |
"{67992397-B7F7-48C9-AFB8-4D2413AED5C2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{68D0A40B-8F8C-450C-AFB0-108EFC58CA95}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{690B9E13-F0F1-4C73-BE7F-F9D7DE3AB7D9}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe |
"{6A07AFBB-4BCF-4EA3-B508-52A3610868DC}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{6B061DED-E945-4814-B47A-FC9F738527B4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{6D04846C-3871-404E-8733-DD022C80F67F}" = protocol=17 | dir=in | app=d:\program files\tunngle\tunngle.exe |
"{723E5170-3CBE-40B8-8F55-7AD9AC5820A3}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe |
"{72B0DB13-159F-4B56-BE61-0FAC797EB6FF}" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{750974CD-2435-4972-ADF3-F528CBC8235B}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{76DAFFCF-C701-4127-A0F9-BB5BA3FD1BB1}" = protocol=17 | dir=in | app=d:\program files\jdownloader\jdownloader.exe |
"{790146CC-0E13-491D-B8B4-BBB41C56F905}" = protocol=17 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe |
"{816D2944-2DDC-4CA2-82B1-FD5A19CBECB7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{82D89747-9AB8-4AE0-9EF0-BC90C1F3AD2B}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe |
"{8395DC00-59CF-451E-98B3-AA3B56F4BFE8}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{84ECAE31-FC9E-4C68-8E94-D26484B812F5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{878CF526-CDEE-4F0B-9B48-3A33B6456523}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
"{88779E37-82FB-4FF0-B070-B60C5C67BB61}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{89D5CA6B-C59E-421F-B29A-C3139E64C405}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{8D9080F5-CBB9-4D78-9741-EB29E4137EC8}" = protocol=17 | dir=in | app=d:\program files\tunngle\tnglctrl.exe |
"{8DD8DE8D-5C60-431F-94A2-2085321DF1A0}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{8E10E4F2-102D-4313-A0C2-49FC0F8A9780}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{8F352AF1-718E-478D-A562-B315AF975D36}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\dbcontrolpanel.exe |
"{9066254F-CA05-4EAD-A4F2-C51E4E680FB5}" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{90EE8DC0-423B-4889-8746-4EAA937158D5}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{91371408-6EF0-4D66-BA1A-CE2273A4C934}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{954EADF2-6428-4413-BDAA-9B642E192696}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{98A92B9B-2335-41B4-95F7-07262B5991EF}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\holdemmanager.exe |
"{9C32CA59-2829-4D89-9165-B97478D864BF}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{A2A87C3B-F9F4-4756-AD7E-E9AF4FC1330B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{A3D2E1C9-2EEE-4A9C-AA5F-070D9DF59537}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{B10D5103-085B-4117-9133-F70B2C643F75}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B2DF138E-9D08-481D-A35C-3DF328E167AD}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{B2E8F5FC-C809-4468-89C7-7BC5F4A98AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3740786-CCE7-4F72-94A8-2144178CE1DC}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{B5F30A51-1A31-4C51-BA5B-81D57F176B3A}" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe |
"{B9BA56B4-9973-4FCE-BB3F-FE3BA14D123E}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{C2C7D9BA-F032-4721-BE08-FC5CC192779B}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{C3FCFC0F-6786-4BCD-8E90-7FAC5F771B8E}" = protocol=6 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe |
"{C6EE227B-D4C8-447A-9839-F4180B9B47B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9227D88-0738-4AAF-8B83-FC1EC143C487}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{CC4BBF49-1B60-442E-89A9-B06A529E79EF}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{CF275D39-5B34-4F54-9AAC-E67D11014EF2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{D0A342DE-47F0-40E5-9DDC-26A00D484ADE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D0FF87E1-C68C-4DD2-B2D0-94E4CFC3FF1C}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D155E9CF-FB09-493B-A41C-49B03EC8F8DB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{D7C61099-0E88-4FC1-A2A7-BBD4B33A57D9}" = protocol=6 | dir=in | app=d:\program files\tunngle\tnglctrl.exe |
"{DA2244EA-B8AF-4632-9ED7-17EDC40614BC}" = protocol=6 | dir=in | app=d:\program files\jdownloader\jdownloader.exe |
"{DEF5CCD5-D345-4C7B-9B5E-7204566625EC}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{E013AFFF-F7CB-4D5B-AFDC-7A867571087C}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\empire total war\empire.exe |
"{E07CD312-6F7C-45E7-BA3B-DCCF6DDC235E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0C4163B-AFA6-4B91-A36D-BA5A74848E85}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe |
"{E1694F0D-443C-4AF3-B632-53A516E6E2D6}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\hmhud.exe |
"{E2A90B3E-2D2F-4451-98BD-3965C1E50BE7}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\dbcontrolpanel.exe |
"{E2D38A28-619B-4834-AF19-44745E421847}" = protocol=6 | dir=in | app=d:\program files\guild wars\gw.exe |
"{E3419925-96B7-4252-8A83-793EC1FC6CCF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{E9B24E58-D222-416D-9A21-7000279F0571}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{EE8BC520-C3F9-4AD8-B582-718CB0F6D022}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F322ECEA-F096-411A-949E-5C828DD2E3E5}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\hmhud.exe |
"{F32BC7EA-EE55-451E-83BA-2390596BCF5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F59FDB2E-6B16-4D9E-9E79-BAE045C89F89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA037785-B456-43D8-B5C1-23B33479A2CF}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{FA640713-D0A0-48F1-965A-F8C400DE261C}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{FBB8494F-3FBD-49A7-97CA-179BDB9729D2}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe |
"{FC00CB47-D4D8-400F-9E57-D4446BD637A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCD0F2B3-1DDD-4755-96DF-1356DAE8E10C}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{FD842E24-0121-4040-9F34-B835AF063345}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FE49D6DF-5DF5-4677-81B4-9CD40252F8C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{049D0E66-0298-4E8B-9358-D47E8FDB0C3F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{04F344EC-5E4D-43F6-AFCE-22EE95F7FB50}D:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe |
"TCP Query User{08174836-18B6-4FAA-A655-2571C7877725}D:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe |
"TCP Query User{0C126593-312B-4AD3-863D-8400420B58B9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{0C1461D8-90F6-4C35-AFAC-24D5E8C44CA4}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"TCP Query User{0CE0CFA6-E3A7-4CD4-B0DE-3B57D98C23EB}D:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe |
"TCP Query User{124E94B1-4E62-42E7-99E3-CC7BF683C40E}D:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=d:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{1416E868-8826-47F9-BDD3-F75ED2C5181B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{14308610-31A2-4E31-AC07-0DDBA6690333}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{1B7FE7CC-DBF3-458A-80D3-5FEA509CCE67}D:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"TCP Query User{1D2E2B02-D8A0-42C1-8466-0A36F0902BC9}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{3C0AB35C-276B-414D-A213-E54BBBB838DF}D:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"TCP Query User{49D913CB-E95A-4154-88F6-C93E1752763F}D:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=d:\program files\winhttrack\winhttrack.exe |
"TCP Query User{4FE52CA6-24AA-40ED-BDFA-005BF946FC2A}D:\program files\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\program files\valve\portal 2\portal2.exe |
"TCP Query User{6AF44318-D101-489A-9755-24201C6661E6}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{6B07766E-D96C-49E9-9A06-8DA31F794839}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6E85616E-0AC0-4DBB-A33C-812E9E52B214}C:\program files\graffiti studio 2.0\graffiti studio.exe" = protocol=6 | dir=in | app=c:\program files\graffiti studio 2.0\graffiti studio.exe |
"TCP Query User{74F4E9B8-5458-4F9F-98D5-44928363DB1E}D:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"TCP Query User{836C65D3-9920-4A7B-9412-98DB2ED728E8}D:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{90414F95-AB68-4239-BCB5-B36E9C41F391}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{94F32068-74E9-43E9-99DF-E6ADAE1FC09C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{96097F71-1DAA-461B-829A-AB480AE296D1}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{96C6F46D-7F7E-4E33-ACEB-C16A1FE2F753}D:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{9ABA2525-3565-4259-A03E-24ADEF7EABE3}D:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=6 | dir=in | app=d:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"TCP Query User{9B5354C6-39D5-4310-BC11-D6CE303EB780}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A3890824-D3F6-4F4F-ADF3-D4E2F7ACFED5}C:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe |
"TCP Query User{AFFDAD41-1AF0-4AA9-A89B-BF912C6520A3}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{B9B481CC-80B5-410D-9E1D-3A38ADEE3F58}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{C3276851-E358-4B72-9A07-ED0D8BF93299}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E0831070-2F42-4BA3-95CC-25B22F88277D}C:\program files\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"TCP Query User{E4782409-E453-45AA-8C55-6FB1B41B9E28}C:\program files\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"TCP Query User{E89CBB6F-3FDC-4543-B1F3-49D067CCD41C}C:\users\kevin\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\kevin\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{F8783AAA-F8E2-4820-884A-9E8C25DBD531}D:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\addon.exe |
"UDP Query User{02993BB8-1AEE-451D-8FEB-F9B2BC730D15}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{0378D491-90D0-47E8-9F5F-B5BD4BA7D2D7}D:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe |
"UDP Query User{0576D843-2AB9-4805-800C-F65355E2553E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0FBE7B06-3488-4C92-ABBF-813488D24215}D:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"UDP Query User{126CC74A-8A3C-42DD-AA55-32C1862A9A4A}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"UDP Query User{2135D95F-6179-48A4-AB5F-23E6A6683DDE}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{22DC7004-F415-4A63-A3AB-CEA9D14A2A4D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{24CF0632-9E3A-427B-9A89-6CFA95A0CF0F}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{2B0C7EDD-9757-4908-839E-CE60AD3AAB94}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2ED5D616-E6CA-40E5-8295-2F8260D4C2D2}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{33234148-933E-406B-867E-4F6FE70750C6}D:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=17 | dir=in | app=d:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"UDP Query User{397800EC-ADF1-4E68-97E7-623353BC6BBB}C:\program files\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"UDP Query User{39876B57-9949-4193-B7BB-62965B7CA361}C:\program files\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"UDP Query User{3CEC3EB6-213D-4754-AAA0-F70A7DF77DB9}D:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=d:\program files\winhttrack\winhttrack.exe |
"UDP Query User{48C2ECB9-17B2-48C5-87DB-F9B1317EB174}D:\program files\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\program files\valve\portal 2\portal2.exe |
"UDP Query User{48FBD34E-91B9-43EB-935F-3A037D8934F1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4BF507AB-6E70-46A7-AE59-4B242C49FF87}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{4EB37FA1-7A9F-448A-A0B2-49D36334763F}C:\program files\graffiti studio 2.0\graffiti studio.exe" = protocol=17 | dir=in | app=c:\program files\graffiti studio 2.0\graffiti studio.exe |
"UDP Query User{520A5AFE-1914-4276-82DE-EFF1AB4C6528}D:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"UDP Query User{61C080E2-1D35-4A75-AFB4-9EE03D9486F4}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{638DCCE4-D8A3-40C7-8C48-D3CF6D496BF8}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{6396DB85-D5BB-485F-87B7-A29190E1D724}D:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\addon.exe |
"UDP Query User{73909B1C-8977-416E-B65E-0E7D64AB199D}D:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"UDP Query User{7EA54910-C7E0-40AB-85D4-8C00AC544246}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{810E8CAE-E004-4F84-A689-8D452C9459AB}C:\users\kevin\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\kevin\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{84787A75-BB9D-481F-88E0-DFEAFDB53536}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8946B41A-3B34-4FD8-B8DB-25A8A8690BC0}D:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{8FAF48EF-3C10-452B-AEF0-BCECCD682355}C:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe |
"UDP Query User{A0FB9F23-81DB-4467-A9D0-96B933FC272A}D:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe |
"UDP Query User{BE02FC87-B499-4FAA-BE33-B9E5700844E5}D:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=d:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{C0D295DE-8E05-4585-843E-93FC298484EA}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{F473267A-E72F-4133-B22F-74F39EAC164F}D:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F4B67866-96DB-4695-84A5-484A19FA9DA8}D:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1459C671-45F3-4A58-8EA6-3B675460E51A}" = DO Kopfrechnen
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light
"{3230518C-2953-4FB9-8485-B3CDFCC36A70}" = Rosetta Stone Ltd Services
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE2032D-B1DA-4057-9D1E-4120F8B64367}" = DSLaufzeit
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45B4FF51-D048-46A1-AE2C-3786F2221F47}" = DSRechner
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{90DA7F39-B9D4-4FB1-93A0-6B10F83E35E2}" = Wer wird Millionär - Party-Edition
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{99889189-C739-4A46-BA02-3B271A118957}" = F.E.A.R. Mission Perseus
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53BEB85-A538-4F93-BF0C-2D9770532D10}" = Lost Horizon
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}" = Condemned - Criminal Origins
"{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}" = Clive Barker's Jericho
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2F8468F-85AB-4D08-A68E-01D328E7B261}" = PokerStrategy.com Elephant
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DEED33EE-4357-4907-8F20-C1A50CC68A5A}" = USB Joystick
"{E184BB79-61A3-4B0A-86D1-12A56C0A7270}" = Painkiller Resurrection
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E71AC707-179D-458D-A1E8-F52977CAEAB4}" = M.U.D. TV
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F027C8E3-6DBD-492A-9959-7B36B1DE0D65}" = Ad-Aware
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F73D18C1-F4DA-4B9F-9C46-5185F5D3DB7C}" = F.E.A.R. 2 SP Demo
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FD025150-EEA0-4CAC-BED1-B9837783FCC8}" = ActivePerl 5.10.0 Build 1005
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"abgx360" = abgx360 v1.0.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"APP-Codejock.SuitePro.ActiveX.v12.0.1_is1" = Xtreme SuitePro ActiveX v12.0.1
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ask Toolbar_is1" = Ask Toolbar
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"bet365poker" = Poker at bet365
"Black Mirror 2_is1" = Black Mirror 2
"Black Mirror III_is1" = Black Mirror III
"Brain Workshop_is1" = Brain Workshop 4.4
"Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dues Ex Human Revolution_is1" = Dues Ex Human Revolution
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"DyynoPlayer" = DyynoPlayer 0.8.6f.2
"EFCL SecuLauncher Error Fix v1.1 by TokZic 1.1" = EFCL SecuLauncher Error Fix v1.1 by TokZic 1.1
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"Eraser" = Eraser
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F.E.A.R. 3_is1" = F.E.A.R. 3
"F.E.A.R.2 Reborn_is1" = F.E.A.R.2 Reborn
"FeedReader_is1" = FeedReader
"FileZilla Client" = FileZilla Client 3.3.4.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Billiards 2008_is1" = Free Billiards 2008
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Game Booster_is1" = Game Booster
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Updater" = Google Updater
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"HoldemManager" = Holdem Manager
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 510 Series" = Lexmark 510 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mikogo" = Mikogo
"MobMap_is1" = MobMap 3.55
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MyMDb_0" = MyMDb 3.6
"Nero - Burning Rom!UninstallKey" = Ahead Nero OEM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"Origin" = Origin
"PartyPoker" = PartyPoker
"Pidgin" = Pidgin
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Postal 2_is1" = Portal 2
"PostgreSQL 8.3" = PostgreSQL 8.3
"PostgreSQL 8.4" = PostgreSQL 8.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Proxifier_is1" = Proxifier version 2.7
"PunkBusterSvc" = PunkBuster Services
"Quick Memory Editor_is1" = Quick Memory Editor 5.5
"QuickPar" = QuickPar 0.9
"RealPlayer 12.0" = RealPlayer
"Schlag den Raab_is1" = Schlag den Raab
"Shockwave" = Shockwave
"SitNGoWizard" = SitNGo Wizard
"SMPlayer_is1" = SMPlayer 0.6.6
"SopCast" = SopCast 3.2.4
"Steam App 10500" = Empire: Total War
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 500" = Left 4 Dead
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TeamViewer 6" = TeamViewer 6
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TrueCrypt" = TrueCrypt
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"UseNeXT_is1" = UseNeXT
"VirusTotalUploader" = VirusTotal Uploader
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WebMoney Agent" = WebMoney Agent
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Wecker 2.2" = Wecker 2.2 2.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"World of Warcraft" = World of Warcraft
"xampp" = XAMPP 1.7.1
"X-Chat 2_is1" = X-Chat 2.8.6-2
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.96.5
"xp-AntiSpy" = xp-AntiSpy 3.97
"Zygor Guides" = Zygor Guides
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
"BrainGame" = Dr Kawashima
"Google Chrome" = Google Chrome
"Runic Games Torchlight" = Torchlight
"sc10-DE_SEVENONE_MAIN" = Big Pizza Ski Challenge 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Universal Replayer" = Universal Replayer
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.02.2012 13:55:30 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-14 18:55:30 CETFATAL:  role "SYSTEM" does not exist
 
Error - 14.02.2012 13:55:31 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-14 18:55:31 CETFATAL:  role "SYSTEM" does not exist
 
Error - 14.02.2012 13:55:32 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-14 18:55:32 CETFATAL:  role "SYSTEM" does not exist
 
Error - 14.02.2012 13:55:33 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-14 18:55:33 CETFATAL:  role "SYSTEM" does not exist
 
Error - 14.02.2012 13:55:34 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-14 18:55:34 CETFATAL:  role "SYSTEM" does not exist
 
Error - 14.02.2012 13:55:35 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-14 18:55:35 CETFATAL:  role "SYSTEM" does not exist
 
Error - 14.02.2012 13:55:36 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-14 18:55:36 CETFATAL:  role "SYSTEM" does not exist
 
Error - 14.02.2012 13:55:37 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-14 18:55:37 CETFATAL:  role "SYSTEM" does not exist
 
Error - 14.02.2012 13:55:38 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-14 18:55:38 CETFATAL:  role "SYSTEM" does not exist
 
Error - 14.02.2012 13:55:39 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-14 18:55:39 CETFATAL:  role "SYSTEM" does not exist
 
[ SitNGoWizard Events ]
Error - 18.10.2011 13:22:40 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.12.2011 13:44:20 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.12.2011 13:44:21 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.12.2011 13:44:30 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.12.2011 13:44:30 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.12.2011 13:44:40 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.12.2011 13:44:40 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 12.01.2012 16:45:46 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 12.01.2012 16:45:47 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 05.02.2012 17:31:48 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
[ System Events ]
Error - 13.02.2012 12:15:12 | Computer Name = Kevin-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0023C359FE3A zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 13.02.2012 12:15:21 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 13.02.2012 12:15:41 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 13.02.2012 12:21:07 | Computer Name = Kevin-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 0023C359FE3A zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%121. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 13.02.2012 12:56:01 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 13.02.2012 12:57:29 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.02.2012 05:13:25 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 14.02.2012 05:14:49 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.02.2012 13:54:17 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 14.02.2012 13:55:41 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
[ TuneUp Events ]
Error - 17.09.2011 17:57:15 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-09-17 23:57:15', '\device\harddiskvolume2\program
 files\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe','3892',0)
 
Error - 18.09.2011 09:03:35 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-09-18 15:03:35', '\device\harddiskvolume2\program
 files\ubisoft\tom clancy's splinter cell double agent\scdalauncher.exe','5564',0)
 
Error - 18.09.2011 09:03:50 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-09-18 15:03:50', '\device\harddiskvolume2\program
 files\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe','5080',0)
 
Error - 20.09.2011 16:15:45 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-09-20 22:15:45', '\device\harddiskvolume2\program
 files\ubisoft\tom clancy's splinter cell double agent\scdalauncher.exe','6644',0)
 
Error - 20.09.2011 16:15:55 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-09-20 22:15:55', '\device\harddiskvolume2\program
 files\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe','6740',0)
 
Error - 21.09.2011 02:43:41 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-09-21 08:43:41', '\device\harddiskvolume2\program
 files\ubisoft\tom clancy's splinter cell double agent\scdalauncher.exe','4696',0)
 
Error - 21.09.2011 02:52:11 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-09-21 08:52:11', '\device\harddiskvolume2\program
 files\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe','4572',0)
 
Error - 14.02.2012 14:12:18 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-14 19:12:18', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5992',0)
 
Error - 14.02.2012 14:12:33 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-14 19:12:33', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','6052',0)
 
Error - 14.02.2012 14:12:48 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-14 19:12:48', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4452',0)
 
 
< End of report >

--- --- ---

Chris4You 14.02.2012 20:38

Hi,

I think I've got it....

O33 - MountPoints2\{bd6b5189-dd92-11de-b351-dcac2bc18593}\Shell\AutoRun\command - "" = krwyrv0d.exe
O33 - MountPoints2\{bd6b5189-dd92-11de-b351-dcac2bc18593}\Shell\open\Command - "" = krwyrv0d.exe

If MAM doesn't kill it, we'll do it by hand...

chris

Kowalski1 14.02.2012 20:53

Thanks for your quick reply.
Unfortunately I'm a bit slow when it comes to all this; how exactly do I do that now? Deleting the errors, I mean?
What do you mean by MAM?
Sorry for my stupidity about this :D

Chris4You 14.02.2012 21:29

Hi,

once Antimalwarebytes (MAM) has finished, please post the log...

chris

Kowalski1 14.02.2012 22:37

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.14.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Kevin :: KEVIN-PC [Administrator]

Schutz: Deaktiviert

14.02.2012 19:24:58
mbam-log-2012-02-14 (22-23-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 540498
Laufzeit: 2 Stunde(n), 57 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bet365poker (PUP.Casino) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Kevin\Downloads\unlocker1.8.7.exe (Adware.Clicker) -> Keine Aktion durchgeführt.
C:\Users\Kevin\Downloads\SetupPoker_68e0(2).exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Users\Kevin\Downloads\SetupPoker_68e0.exe (PUP.Casino) -> Keine Aktion durchgeführt.
D:\Program Files\bet365 Poker\Poker at bet365\_SetupPoker_68e0.exe (PUP.Casino) -> Keine Aktion durchgeführt.
D:\Program Files\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Keine Aktion durchgeführt.
C:\Windows\System32\hosts (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)


Chris4You 14.02.2012 22:44

Hi,

have everything deleted...

  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please right-click it and start it with "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL

O33 - MountPoints2\{bd6b5189-dd92-11de-b351-dcac2bc18593}\Shell\AutoRun\command - "" = krwyrv0d.exe
O33 - MountPoints2\{bd6b5189-dd92-11de-b351-dcac2bc18593}\Shell\open\Command - "" = krwyrv0d.exe

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris

Kowalski1 15.02.2012 20:19

Code:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6b5189-dd92-11de-b351-dcac2bc18593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd6b5189-dd92-11de-b351-dcac2bc18593}\ not found.
File krwyrv0d.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6b5189-dd92-11de-b351-dcac2bc18593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd6b5189-dd92-11de-b351-dcac2bc18593}\ not found.
File krwyrv0d.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kevin
->Temp folder emptied: 393512 bytes
->Temporary Internet Files folder emptied: 73870904 bytes
->Java cache emptied: 40741110 bytes
->FireFox cache emptied: 46226487 bytes
->Google Chrome cache emptied: 104321094 bytes
->Flash cache emptied: 2946218 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
User: Public
 
User: xx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1224704 bytes
%systemroot%\System32 .tmp files removed: 2012262 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72617 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 259,00 mb
 

 
OTL by OldTimer - Version 3.2.31.0 log created on 02152012_201209

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Chris4You 15.02.2012 20:32

Hi,

so, now please update MAM and then run a full scan again...

How is the computer behaving (redirects on the internet, etc.)?

To be on the safe side, also
TDSS-Killer
Download and instructions at: How is malware of the Rootkit.Win32.TDSS family combated?
Unpack all files into a separate directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Then start the scan (Start Scan).
When the scan has finished, please select "Report" (skip any findings with Skip for now). A window opens; copy the text and post it here...

chris

Kowalski1 18.02.2012 21:00

Sorry that I'm only replying so late. :)

Here is the MAM log:
Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.18.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Kevin :: KEVIN-PC [Administrator]

Schutz: Deaktiviert

18.02.2012 17:06:59
mbam-log-2012-02-18 (17-06-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 535014
Laufzeit: 3 Stunde(n), 5 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I left everything on Skip in tdsskiller, as instructed :)
tdsskiller log:

Code:

20:50:42.0349 5616        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
20:50:42.0483 5616        ============================================================
20:50:42.0483 5616        Current date / time: 2012/02/18 20:50:42.0483
20:50:42.0483 5616        SystemInfo:
20:50:42.0483 5616       
20:50:42.0483 5616        OS Version: 6.0.6001 ServicePack: 1.0
20:50:42.0483 5616        Product type: Workstation
20:50:42.0483 5616        ComputerName: KEVIN-PC
20:50:42.0483 5616        UserName: Kevin
20:50:42.0483 5616        Windows directory: C:\Windows
20:50:42.0483 5616        System windows directory: C:\Windows
20:50:42.0483 5616        Processor architecture: Intel x86
20:50:42.0483 5616        Number of processors: 4
20:50:42.0483 5616        Page size: 0x1000
20:50:42.0483 5616        Boot type: Normal boot
20:50:42.0483 5616        ============================================================
20:50:43.0304 5616        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:50:43.0306 5616        \Device\Harddisk0\DR0:
20:50:43.0313 5616        MBR used
20:50:43.0313 5616        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x186A0000
20:50:43.0313 5616        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x21CE5000
20:50:43.0395 5616        Initialize success
20:50:43.0395 5616        ============================================================
20:51:02.0928 5140        ============================================================
20:51:02.0928 5140        Scan started
20:51:02.0928 5140        Mode: Manual; SigCheck; TDLFS;
20:51:02.0928 5140        ============================================================
20:51:03.0287 5140        acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
20:51:03.0425 5140        acedrv11 - ok
20:51:03.0460 5140        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
20:51:03.0470 5140        ACPI - ok
20:51:03.0499 5140        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:51:03.0520 5140        adp94xx - ok
20:51:03.0542 5140        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:51:03.0557 5140        adpahci - ok
20:51:03.0578 5140        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:51:03.0604 5140        adpu160m - ok
20:51:03.0620 5140        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:51:03.0629 5140        adpu320 - ok
20:51:03.0647 5140        AFD            (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
20:51:03.0689 5140        AFD - ok
20:51:03.0708 5140        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:51:03.0719 5140        agp440 - ok
20:51:03.0739 5140        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:51:03.0747 5140        aic78xx - ok
20:51:03.0769 5140        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:51:03.0778 5140        aliide - ok
20:51:03.0799 5140        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:51:03.0806 5140        amdagp - ok
20:51:03.0826 5140        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:51:03.0846 5140        amdide - ok
20:51:03.0861 5140        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:51:03.0898 5140        AmdK7 - ok
20:51:03.0917 5140        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:51:03.0937 5140        AmdK8 - ok
20:51:03.0995 5140        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:51:04.0007 5140        arc - ok
20:51:04.0023 5140        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:51:04.0036 5140        arcsas - ok
20:51:04.0049 5140        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:51:04.0076 5140        AsyncMac - ok
20:51:04.0099 5140        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
20:51:04.0107 5140        atapi - ok
20:51:04.0141 5140        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
20:51:04.0154 5140        atksgt - ok
20:51:04.0186 5140        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
20:51:04.0195 5140        avgntflt - ok
20:51:04.0230 5140        avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
20:51:04.0238 5140        avipbb - ok
20:51:04.0248 5140        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:51:04.0255 5140        avkmgr - ok
20:51:04.0283 5140        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:51:04.0327 5140        Beep - ok
20:51:04.0351 5140        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:51:04.0414 5140        blbdrive - ok
20:51:04.0424 5140        bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
20:51:04.0455 5140        bowser - ok
20:51:04.0473 5140        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:51:04.0505 5140        BrFiltLo - ok
20:51:04.0519 5140        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:51:04.0549 5140        BrFiltUp - ok
20:51:04.0574 5140        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:51:04.0716 5140        Brserid - ok
20:51:04.0741 5140        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:51:04.0799 5140        BrSerWdm - ok
20:51:04.0827 5140        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:51:04.0906 5140        BrUsbMdm - ok
20:51:04.0936 5140        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:51:04.0989 5140        BrUsbSer - ok
20:51:05.0010 5140        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:51:05.0067 5140        BTHMODEM - ok
20:51:05.0084 5140        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:51:05.0117 5140        cdfs - ok
20:51:05.0130 5140        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
20:51:05.0165 5140        cdrom - ok
20:51:05.0185 5140        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:51:05.0224 5140        circlass - ok
20:51:05.0253 5140        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
20:51:05.0267 5140        CLFS - ok
20:51:05.0287 5140        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:51:05.0296 5140        cmdide - ok
20:51:05.0314 5140        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
20:51:05.0322 5140        Compbatt - ok
20:51:05.0344 5140        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:51:05.0356 5140        crcdisk - ok
20:51:05.0375 5140        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:51:05.0399 5140        Crusoe - ok
20:51:05.0423 5140        DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
20:51:05.0451 5140        DfsC - ok
20:51:05.0462 5140        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
20:51:05.0470 5140        disk - ok
20:51:05.0505 5140        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:51:05.0540 5140        drmkaud - ok
20:51:05.0579 5140        dtsoftbus01    (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:51:05.0608 5140        dtsoftbus01 - ok
20:51:05.0639 5140        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
20:51:05.0698 5140        DXGKrnl - ok
20:51:05.0738 5140        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:51:05.0776 5140        E1G60 - ok
20:51:05.0819 5140        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
20:51:05.0828 5140        Ecache - ok
20:51:05.0854 5140        ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
20:51:05.0865 5140        ElbyCDFL - ok
20:51:05.0887 5140        ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
20:51:05.0895 5140        ElbyCDIO - ok
20:51:05.0936 5140        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:51:05.0957 5140        elxstor - ok
20:51:05.0977 5140        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:51:06.0010 5140        ErrDev - ok
20:51:06.0040 5140        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
20:51:06.0085 5140        exfat - ok
20:51:06.0104 5140        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
20:51:06.0145 5140        fastfat - ok
20:51:06.0164 5140        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:51:06.0192 5140        fdc - ok
20:51:06.0214 5140        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:51:06.0223 5140        FileInfo - ok
20:51:06.0246 5140        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:51:06.0282 5140        Filetrace - ok
20:51:06.0294 5140        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:51:06.0317 5140        flpydisk - ok
20:51:06.0334 5140        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
20:51:06.0345 5140        FltMgr - ok
20:51:06.0405 5140        FsUsbExDisk    (10398b515653442a5b89fdf6a1d06180) C:\Windows\system32\FsUsbExDisk.SYS
20:51:06.0413 5140        FsUsbExDisk - ok
20:51:06.0443 5140        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:51:06.0479 5140        Fs_Rec - ok
20:51:06.0501 5140        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:51:06.0514 5140        gagp30kx - ok
20:51:06.0537 5140        GEARAspiWDM    (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:51:06.0544 5140        GEARAspiWDM - ok
20:51:06.0576 5140        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
20:51:06.0583 5140        hamachi - ok
20:51:06.0616 5140        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:51:06.0680 5140        HdAudAddService - ok
20:51:06.0697 5140        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:51:06.0729 5140        HDAudBus - ok
20:51:06.0745 5140        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:51:06.0793 5140        HidBth - ok
20:51:06.0810 5140        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:51:06.0870 5140        HidIr - ok
20:51:06.0910 5140        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
20:51:06.0946 5140        HidUsb - ok
20:51:06.0966 5140        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:51:06.0997 5140        HpCISSs - ok
20:51:07.0031 5140        HTTP            (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
20:51:07.0090 5140        HTTP - ok
20:51:07.0118 5140        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:51:07.0137 5140        i2omp - ok
20:51:07.0145 5140        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:51:07.0177 5140        i8042prt - ok
20:51:07.0197 5140        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:51:07.0210 5140        iaStorV - ok
20:51:07.0230 5140        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:51:07.0242 5140        iirsp - ok
20:51:07.0256 5140        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:51:07.0265 5140        intelide - ok
20:51:07.0289 5140        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:51:07.0326 5140        intelppm - ok
20:51:07.0345 5140        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:51:07.0380 5140        IpFilterDriver - ok
20:51:07.0388 5140        IpInIp - ok
20:51:07.0414 5140        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:51:07.0470 5140        IPMIDRV - ok
20:51:07.0490 5140        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:51:07.0519 5140        IPNAT - ok
20:51:07.0540 5140        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:51:07.0575 5140        IRENUM - ok
20:51:07.0597 5140        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:51:07.0610 5140        isapnp - ok
20:51:07.0629 5140        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
20:51:07.0648 5140        iScsiPrt - ok
20:51:07.0667 5140        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:51:07.0693 5140        iteatapi - ok
20:51:07.0718 5140        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:51:07.0730 5140        iteraid - ok
20:51:07.0753 5140        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:51:07.0766 5140        kbdclass - ok
20:51:07.0784 5140        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
20:51:07.0807 5140        kbdhid - ok
20:51:07.0832 5140        KSecDD          (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
20:51:07.0851 5140        KSecDD - ok
20:51:07.0942 5140        Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
20:51:07.0948 5140        Lavasoft Kernexplorer - ok
20:51:07.0971 5140        Lbd            (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
20:51:07.0977 5140        Lbd - ok
20:51:08.0003 5140        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
20:51:08.0013 5140        lirsgt - ok
20:51:08.0026 5140        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:51:08.0081 5140        lltdio - ok
20:51:08.0111 5140        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:51:08.0121 5140        LSI_FC - ok
20:51:08.0136 5140        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:51:08.0150 5140        LSI_SAS - ok
20:51:08.0172 5140        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:51:08.0186 5140        LSI_SCSI - ok
20:51:08.0193 5140        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:51:08.0228 5140        luafv - ok
20:51:08.0271 5140        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
20:51:08.0282 5140        MBAMProtector - ok
20:51:08.0302 5140        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:51:08.0310 5140        megasas - ok
20:51:08.0334 5140        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:51:08.0370 5140        MegaSR - ok
20:51:08.0390 5140        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:51:08.0412 5140        Modem - ok
20:51:08.0451 5140        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:51:08.0479 5140        monitor - ok
20:51:08.0492 5140        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:51:08.0505 5140        mouclass - ok
20:51:08.0528 5140        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
20:51:08.0599 5140        mouhid - ok
20:51:08.0611 5140        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:51:08.0622 5140        MountMgr - ok
20:51:08.0649 5140        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:51:08.0662 5140        mpio - ok
20:51:08.0684 5140        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:51:08.0701 5140        mpsdrv - ok
20:51:08.0719 5140        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:51:08.0726 5140        Mraid35x - ok
20:51:08.0733 5140        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
20:51:08.0761 5140        MRxDAV - ok
20:51:08.0778 5140        mrxsmb          (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:51:08.0800 5140        mrxsmb - ok
20:51:08.0830 5140        mrxsmb10        (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:51:08.0865 5140        mrxsmb10 - ok
20:51:08.0872 5140        mrxsmb20        (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:51:08.0892 5140        mrxsmb20 - ok
20:51:08.0914 5140        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:51:08.0920 5140        msahci - ok
20:51:08.0942 5140        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:51:08.0954 5140        msdsm - ok
20:51:08.0964 5140        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:51:08.0989 5140        Msfs - ok
20:51:08.0995 5140        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:51:09.0001 5140        msisadrv - ok
20:51:09.0021 5140        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:51:09.0052 5140        MSKSSRV - ok
20:51:09.0062 5140        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:51:09.0093 5140        MSPCLOCK - ok
20:51:09.0109 5140        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:51:09.0132 5140        MSPQM - ok
20:51:09.0151 5140        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
20:51:09.0164 5140        MsRPC - ok
20:51:09.0181 5140        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:51:09.0189 5140        mssmbios - ok
20:51:09.0204 5140        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:51:09.0230 5140        MSTEE - ok
20:51:09.0258 5140        MTsensor        (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
20:51:09.0283 5140        MTsensor - ok
20:51:09.0306 5140        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
20:51:09.0314 5140        Mup - ok
20:51:09.0347 5140        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
20:51:09.0381 5140        NativeWifiP - ok
20:51:09.0408 5140        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
20:51:09.0425 5140        NDIS - ok
20:51:09.0435 5140        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:51:09.0467 5140        NdisTapi - ok
20:51:09.0492 5140        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:51:09.0531 5140        Ndisuio - ok
20:51:09.0560 5140        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
20:51:09.0585 5140        NdisWan - ok
20:51:09.0602 5140        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:51:09.0637 5140        NDProxy - ok
20:51:09.0652 5140        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:51:09.0687 5140        NetBIOS - ok
20:51:09.0702 5140        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
20:51:09.0736 5140        netbt - ok
20:51:09.0763 5140        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:51:09.0775 5140        nfrd960 - ok
20:51:09.0784 5140        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
20:51:09.0825 5140        Npfs - ok
20:51:09.0844 5140        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:51:09.0871 5140        nsiproxy - ok
20:51:09.0905 5140        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
20:51:09.0959 5140        Ntfs - ok
20:51:09.0977 5140        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:51:10.0036 5140        ntrigdigi - ok
20:51:10.0046 5140        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:51:10.0082 5140        Null - ok
20:51:10.0264 5140        nvlddmkm        (0013f8cf1322487fb247eae56ef0ed90) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:51:10.0535 5140        nvlddmkm - ok
20:51:10.0619 5140        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:51:10.0628 5140        nvraid - ok
20:51:10.0644 5140        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:51:10.0656 5140        nvstor - ok
20:51:10.0684 5140        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:51:10.0698 5140        nv_agp - ok
20:51:10.0704 5140        NwlnkFlt - ok
20:51:10.0712 5140        NwlnkFwd - ok
20:51:10.0724 5140        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:51:10.0782 5140        ohci1394 - ok
20:51:10.0805 5140        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:51:10.0858 5140        Parport - ok
20:51:10.0871 5140        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
20:51:10.0878 5140        partmgr - ok
20:51:10.0897 5140        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:51:10.0955 5140        Parvdm - ok
20:51:10.0972 5140        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
20:51:10.0982 5140        pci - ok
20:51:10.0993 5140        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:51:11.0000 5140        pciide - ok
20:51:11.0021 5140        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:51:11.0031 5140        pcmcia - ok
20:51:11.0067 5140        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:51:11.0124 5140        PEAUTH - ok
20:51:11.0174 5140        PnkBstrK        (db7f8840c92865ca6f3d2db063a5b999) C:\Windows\system32\drivers\PnkBstrK.sys
20:51:11.0201 5140        PnkBstrK - ok
20:51:11.0232 5140        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:51:11.0261 5140        PptpMiniport - ok
20:51:11.0283 5140        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:51:11.0326 5140        Processor - ok
20:51:11.0362 5140        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
20:51:11.0395 5140        PSched - ok
20:51:11.0432 5140        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:51:11.0468 5140        ql2300 - ok
20:51:11.0492 5140        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:51:11.0502 5140        ql40xx - ok
20:51:11.0520 5140        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:51:11.0548 5140        QWAVEdrv - ok
20:51:11.0565 5140        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:51:11.0588 5140        RasAcd - ok
20:51:11.0620 5140        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:51:11.0647 5140        Rasl2tp - ok
20:51:11.0665 5140        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
20:51:11.0698 5140        RasPppoe - ok
20:51:11.0717 5140        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
20:51:11.0760 5140        RasSstp - ok
20:51:11.0784 5140        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
20:51:11.0809 5140        rdbss - ok
20:51:11.0817 5140        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:51:11.0842 5140        RDPCDD - ok
20:51:11.0868 5140        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:51:11.0894 5140        rdpdr - ok
20:51:11.0902 5140        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:51:11.0962 5140        RDPENCDD - ok
20:51:11.0986 5140        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
20:51:12.0017 5140        RDPWD - ok
20:51:12.0049 5140        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:51:12.0073 5140        rspndr - ok
20:51:12.0099 5140        RTL8169        (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:51:12.0145 5140        RTL8169 - ok
20:51:12.0167 5140        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:51:12.0176 5140        sbp2port - ok
20:51:12.0202 5140        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:51:12.0263 5140        secdrv - ok
20:51:12.0274 5140        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
20:51:12.0301 5140        Serenum - ok
20:51:12.0309 5140        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
20:51:12.0332 5140        Serial - ok
20:51:12.0352 5140        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:51:12.0388 5140        sermouse - ok
20:51:12.0411 5140        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:51:12.0436 5140        sffdisk - ok
20:51:12.0456 5140        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:51:12.0482 5140        sffp_mmc - ok
20:51:12.0501 5140        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:51:12.0546 5140        sffp_sd - ok
20:51:12.0567 5140        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:51:12.0628 5140        sfloppy - ok
20:51:12.0665 5140        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:51:12.0678 5140        sisagp - ok
20:51:12.0700 5140        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:51:12.0709 5140        SiSRaid2 - ok
20:51:12.0729 5140        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:51:12.0743 5140        SiSRaid4 - ok
20:51:12.0763 5140        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
20:51:12.0787 5140        Smb - ok
20:51:12.0809 5140        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:51:12.0821 5140        spldr - ok
20:51:12.0829 5140        sptd - ok
20:51:12.0859 5140        srv            (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
20:51:12.0898 5140        srv - ok
20:51:12.0906 5140        srv2            (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
20:51:12.0934 5140        srv2 - ok
20:51:12.0943 5140        srvnet          (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
20:51:12.0981 5140        srvnet - ok
20:51:13.0006 5140        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:51:13.0014 5140        ssmdrv - ok
20:51:13.0054 5140        ss_bbus        (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys
20:51:13.0067 5140        ss_bbus - ok
20:51:13.0101 5140        ss_bmdfl        (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
20:51:13.0107 5140        ss_bmdfl - ok
20:51:13.0129 5140        ss_bmdm        (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys
20:51:13.0142 5140        ss_bmdm - ok
20:51:13.0168 5140        ss_bserd        (994d2e5378cc337ec7dd73c1e04fcaa4) C:\Windows\system32\DRIVERS\ss_bserd.sys
20:51:13.0180 5140        ss_bserd - ok
20:51:13.0201 5140        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:51:13.0209 5140        swenum - ok
20:51:13.0232 5140        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:51:13.0241 5140        Symc8xx - ok
20:51:13.0256 5140        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:51:13.0267 5140        Sym_hi - ok
20:51:13.0288 5140        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:51:13.0300 5140        Sym_u3 - ok
20:51:13.0335 5140        tap0801        (0c82061920a2de35d33c2c2bb83b1e98) C:\Windows\system32\DRIVERS\tap0801.sys
20:51:13.0361 5140        tap0801 ( UnsignedFile.Multi.Generic ) - warning
20:51:13.0361 5140        tap0801 - detected UnsignedFile.Multi.Generic (1)
20:51:13.0391 5140        tap0901t        (b7aee68d2e867cbf69b649b18fcedbbb) C:\Windows\system32\DRIVERS\tap0901t.sys
20:51:13.0441 5140        tap0901t ( UnsignedFile.Multi.Generic ) - warning
20:51:13.0441 5140        tap0901t - detected UnsignedFile.Multi.Generic (1)
20:51:13.0488 5140        Tcpip          (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
20:51:13.0533 5140        Tcpip - ok
20:51:13.0571 5140        Tcpip6          (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
20:51:13.0596 5140        Tcpip6 - ok
20:51:13.0618 5140        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
20:51:13.0649 5140        tcpipreg - ok
20:51:13.0666 5140        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:51:13.0701 5140        TDPIPE - ok
20:51:13.0722 5140        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:51:13.0747 5140        TDTCP - ok
20:51:13.0771 5140        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
20:51:13.0833 5140        tdx - ok
20:51:13.0849 5140        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
20:51:13.0862 5140        TermDD - ok
20:51:13.0898 5140        truecrypt      (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
20:51:13.0917 5140        truecrypt - ok
20:51:13.0946 5140        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:51:13.0978 5140        tssecsrv - ok
20:51:13.0996 5140        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:51:14.0026 5140        tunmp - ok
20:51:14.0033 5140        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
20:51:14.0065 5140        tunnel - ok
20:51:14.0084 5140        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:51:14.0093 5140        uagp35 - ok
20:51:14.0114 5140        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
20:51:14.0139 5140        udfs - ok
20:51:14.0162 5140        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:51:14.0172 5140        uliagpkx - ok
20:51:14.0197 5140        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:51:14.0214 5140        uliahci - ok
20:51:14.0230 5140        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:51:14.0240 5140        UlSata - ok
20:51:14.0261 5140        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:51:14.0277 5140        ulsata2 - ok
20:51:14.0285 5140        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:51:14.0321 5140        umbus - ok
20:51:14.0389 5140        UnlockerDriver5 (4847639d852763ee39415c929470f672) D:\Program Files\Unlocker\UnlockerDriver5.sys
20:51:14.0413 5140        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
20:51:14.0413 5140        UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
20:51:14.0446 5140        usbccgp        (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
20:51:14.0504 5140        usbccgp - ok
20:51:14.0529 5140        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:51:14.0589 5140        usbcir - ok
20:51:14.0613 5140        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
20:51:14.0639 5140        usbehci - ok
20:51:14.0648 5140        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
20:51:14.0673 5140        usbhub - ok
20:51:14.0697 5140        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:51:14.0759 5140        usbohci - ok
20:51:14.0782 5140        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:51:14.0807 5140        usbprint - ok
20:51:14.0821 5140        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:51:14.0854 5140        USBSTOR - ok
20:51:14.0871 5140        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:51:14.0896 5140        usbuhci - ok
20:51:14.0918 5140        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:51:14.0956 5140        vga - ok
20:51:14.0976 5140        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:51:15.0036 5140        VgaSave - ok
20:51:15.0062 5140        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:51:15.0076 5140        viaagp - ok
20:51:15.0091 5140        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:51:15.0114 5140        ViaC7 - ok
20:51:15.0154 5140        VIAHdAudAddService (dbac5431300999968f01772c4162459b) C:\Windows\system32\drivers\viahduaa.sys
20:51:15.0210 5140        VIAHdAudAddService - ok
20:51:15.0248 5140        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:51:15.0260 5140        viaide - ok
20:51:15.0273 5140        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:51:15.0282 5140        volmgr - ok
20:51:15.0299 5140        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
20:51:15.0313 5140        volmgrx - ok
20:51:15.0322 5140        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
20:51:15.0333 5140        volsnap - ok
20:51:15.0357 5140        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:51:15.0372 5140        vsmraid - ok
20:51:15.0406 5140        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:51:15.0453 5140        WacomPen - ok
20:51:15.0468 5140        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:51:15.0495 5140        Wanarp - ok
20:51:15.0498 5140        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:51:15.0524 5140        Wanarpv6 - ok
20:51:15.0548 5140        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:51:15.0557 5140        Wd - ok
20:51:15.0582 5140        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:51:15.0623 5140        Wdf01000 - ok
20:51:15.0681 5140        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:51:15.0701 5140        WmiAcpi - ok
20:51:15.0743 5140        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
20:51:15.0778 5140        WpdUsb - ok
20:51:15.0805 5140        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:51:15.0837 5140        ws2ifsl - ok
20:51:15.0868 5140        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:51:15.0904 5140        WUDFRd - ok
20:51:15.0944 5140        xusb21          (09e5340bd9b2cb730bf4dc6be7721291) C:\Windows\system32\DRIVERS\xusb21.sys
20:51:15.0954 5140        xusb21 - ok
20:51:15.0969 5140        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:51:16.0073 5140        \Device\Harddisk0\DR0 - ok
20:51:16.0076 5140        Boot (0x1200)  (3ff2536bbf76f6bf2f12a49c28aeddb5) \Device\Harddisk0\DR0\Partition0
20:51:16.0076 5140        \Device\Harddisk0\DR0\Partition0 - ok
20:51:16.0102 5140        Boot (0x1200)  (fc63592dad1cf7caa0aa2295b766e5e7) \Device\Harddisk0\DR0\Partition1
20:51:16.0103 5140        \Device\Harddisk0\DR0\Partition1 - ok
20:51:16.0103 5140        ============================================================
20:51:16.0103 5140        Scan finished
20:51:16.0103 5140        ============================================================
20:51:16.0111 4288        Detected object count: 3
20:51:16.0111 4288        Actual detected object count: 3
20:51:37.0629 4288        tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:37.0629 4288        tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:37.0630 4288        tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:37.0630 4288        tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:37.0631 4288        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:37.0631 4288        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip


Chris4You 19.02.2012 17:33

Hi,

You do recognize the files you "skipped" (they belong to OpenVPN)?

Please post a fresh OTL log once more...
Is the computer still acting up?

chris

Kowalski1 21.02.2012 14:18

Yeah, I had OpenVPN installed at one point, but I actually thought I had uninstalled it again. Should I run the program again and delete the files, or are they harmless and can stay there?

I don't consciously notice anything being different from before the virus.


OTL Logfile:
Code:

OTL logfile created on: 21.02.2012 14:12:34 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 53,30% Memory free
10,99 Gb Paging File | 9,50 Gb Available in Paging File | 86,40% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 77,63 Gb Free Space | 39,75% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 23,76 Gb Free Space | 8,79% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxbccoms.exe ( )
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
MOD - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (BVWYVEOMKJJ) --  File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (postgresql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (TunngleService) -- D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (DAUpdaterSvc) -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( )
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - SOFTWARE\Classes\CLSID\\LocalServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wieistmeineip.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f.2: C:\Program Files\Dyyno\Dyyno Player\npvlc.dll (Dyyno)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.30 19:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.30 21:51:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.22 17:14:35 | 000,000,000 | ---D | M]
 
[2009.01.23 17:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2012.02.21 11:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions
[2010.03.19 20:36:29 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011.02.02 19:41:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.26 18:52:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.15 14:42:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.30 19:50:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.23 10:42:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.03.03 13:30:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.14 18:45:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\moveplayer@movenetworks.com
[2009.04.20 14:36:41 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\NPDyyno@dyyno.com
[2010.10.20 19:48:50 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\vshare@toolbar
[2010.01.23 12:35:03 | 000,002,321 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\dictcc.xml
[2009.06.15 20:46:47 | 000,002,030 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\myvideo-suche-.xml
[2009.07.11 11:04:46 | 000,000,727 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\phpnet.xml
[2009.01.23 18:10:53 | 000,002,108 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\youtube-videosuche.xml
[2012.02.21 11:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.29 12:33:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.16 22:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.16 13:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.02.19 09:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009.06.05 15:55:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.23 14:39:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2011.03.16 22:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.16 13:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.12.30 19:41:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.21 00:20:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.21 00:20:52 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.21 00:20:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.21 00:20:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.21 00:20:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Dyyno Player Plugin (Enabled) = C:\Program Files\Dyyno\Dyyno Player\npvlc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2012.02.18 14:38:07 | 000,449,370 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 15445 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll ( )
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DE9F9EF-8DB8-41C2-8A1F-AF77E3B8D7FB}: NameServer = 195.50.140.246 195.50.140.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E65DDC-D557-4A3C-93DC-0488FAD00A79}: DhcpNameServer = 92.241.168.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell - "" = AutoRun
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell - "" = AutoRun
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell\AutoRun\command - "" = H:\steambackup2.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.16 19:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\tdsskiller
[2012.02.15 20:12:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.14 19:12:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2012.02.14 19:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.14 19:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.14 19:11:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.14 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.14 17:58:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012.02.13 17:59:32 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Avira
[2012.02.13 17:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.13 17:58:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.13 17:58:04 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 17:58:04 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.13 17:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.13 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2009.01.29 19:28:27 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll
[2009.01.26 14:40:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2009.01.26 14:40:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2009.01.26 14:40:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2009.01.26 14:40:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2009.01.26 14:40:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2009.01.26 14:40:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2009.01.26 14:40:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe
[2009.01.26 14:40:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2009.01.26 14:40:49 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2009.01.26 14:40:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe
[2009.01.26 14:40:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe
[2009.01.26 14:40:49 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2009.01.26 14:40:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2009.01.26 14:40:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.21 13:08:11 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.21 13:08:11 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.21 11:19:31 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.21 11:08:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.21 11:08:05 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.20 23:56:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.02.19 21:22:12 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.02.19 21:22:12 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.02.18 14:38:07 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.02.18 14:37:58 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143807.backup
[2012.02.16 15:39:21 | 000,026,720 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2012.02.16 15:39:13 | 000,002,623 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Word.lnk
[2012.02.15 13:11:54 | 000,000,404 | ---- | M] () -- C:\Windows\LEXSTAT.INI
[2012.02.14 19:11:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.14 17:58:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012.02.13 17:58:20 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 21:16:46 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120216-200440.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143758.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143711.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120217-085149.backup
[2012.02.08 19:32:27 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120211-211646.backup
[2012.02.07 14:30:18 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120208-193227.backup
[2012.02.05 18:52:43 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120207-143018.backup
[2012.02.01 14:50:51 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120205-185243.backup
[2012.01.29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.26 19:09:46 | 000,699,116 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.26 19:09:46 | 000,655,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.26 19:09:46 | 000,156,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.26 19:09:46 | 000,128,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.26 19:09:25 | 000,154,624 | ---- | M] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.25 19:39:51 | 000,449,124 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120201-145051.backup
[2012.01.25 12:12:05 | 000,448,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120125-193951.backup
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.14 19:11:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 17:58:20 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.13 16:57:59 | 3488,735,232 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.15 05:39:42 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.01 18:35:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.12 22:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.06.01 13:45:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.06.01 13:45:52 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.05.26 20:17:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.26 20:17:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.12 20:46:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.01.13 18:18:15 | 000,000,365 | ---- | C] () -- C:\Users\Kevin\AppData\Local\postgresinstall.bat
[2011.01.04 15:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 15:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 15:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 15:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 15:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010.05.26 19:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.04.28 20:31:06 | 000,000,068 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.05 18:47:36 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.02.27 13:08:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.23 16:13:27 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.01.27 20:46:45 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.29 12:32:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.23 20:40:51 | 000,000,762 | ---- | C] () -- C:\Windows\Edofma.INI
[2009.08.28 13:25:32 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.23 19:20:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.05.29 17:36:24 | 000,086,250 | ---- | C] () -- C:\Windows\wininit.ini
[2009.05.27 17:23:04 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2009.05.12 12:32:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.03.22 21:18:35 | 000,134,989 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.03.15 19:22:50 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.29 20:02:15 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat
[2009.01.29 19:28:29 | 000,000,386 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Current.prx
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2009.01.26 14:40:49 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2009.01.26 11:19:30 | 000,026,720 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2009.01.26 11:15:43 | 000,001,187 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.26 10:43:49 | 000,000,404 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2009.01.25 18:14:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.01.25 18:14:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.01.23 17:21:26 | 000,154,624 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.23 17:10:00 | 000,138,056 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys
[2009.01.23 17:09:45 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.01.23 17:09:43 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.01.23 17:09:43 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.23 15:28:26 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.23 15:28:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.23 15:04:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.01.23 15:04:23 | 000,026,082 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.01.23 15:03:13 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2008.01.21 08:15:58 | 000,699,116 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,156,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,296,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,655,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,128,292 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.25 14:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[1999.01.22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:437DA1922D9BCD1B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A7D1EA69
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A064CECC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:41ADDB8A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:05EE1EEF

< End of report >

--- --- ---

Kowalski1 21.02.2012 14:19

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 21.02.2012 14:12:34 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 53,30% Memory free
10,99 Gb Paging File | 9,50 Gb Available in Paging File | 86,40% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 77,63 Gb Free Space | 39,75% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 23,76 Gb Free Space | 8,79% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BC15B64-C369-496B-A7D8-CFFFC4738F54}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93D28C7D-657A-4A6C-9A39-E8811B331A93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9B414A25-7921-4077-8A59-B68AA7302B3D}" = lport=6112 | protocol=6 | dir=in | name=6112 |
"{A380219C-62BF-43B3-A6B1-09D5BDF70280}" = lport=1338 | protocol=6 | dir=in | name=1338 |
"{AC91602A-E785-452B-8567-15E5539F3047}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C6D9711C-F8FC-4968-B369-15E51F4CA809}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{C84A652A-8EBA-4CB9-99A5-A971B83D8A81}" = lport=6112 | protocol=17 | dir=in | name=6112 |
"{DFEAD0CC-CDB7-455C-9249-93B9580096CA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{FDFCFF18-B31E-40CD-BD14-B5E380366C3A}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02260DC9-E8BB-4709-AE40-AC121E1B75C4}" = protocol=6 | dir=in | app=d:\program files\tunngle\tunngle.exe |
"{050717F2-A386-453C-9E2F-3E820C983899}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{0B15D919-5D5E-44A1-87D3-A138A09B8863}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
"{0CE501C0-FDCF-4D73-B12C-314C4B52CC81}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{102B6718-FC6C-417E-9224-A7EB457B3B58}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{10FAA7ED-BF56-49A0-9FE0-9B82B277744C}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{13EDE2F6-A665-4156-AF37-9447DE82A910}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe |
"{1711F7DC-8DB9-4F7A-8479-F04A13225919}" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe |
"{1B2A3F2F-1146-4727-97EA-2CCF7BD51B64}" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{2292A04C-B868-459D-B9FC-C131350CA1ED}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{23CEBD8A-3C1D-4B0E-882C-A4FCF90AB311}" = protocol=17 | dir=in | app=d:\program files\origin games\fifa 12\game\fifa.exe |
"{2424D9BB-DF60-4D8F-AE13-BC1FCB900C72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B8C018F-B057-4F7A-85A4-3ECF943216F9}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{3235C9BD-E643-4991-A705-710F9EA4A2D1}" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{3518C955-624F-496D-B0BA-B30391ADAA38}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{3630A9D1-6A51-4B39-BEC9-4D15CCD4DDC0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{36C40B64-DA14-4D51-8CCC-9BBDCAFA559D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39E71065-55BB-4394-BA3A-EF8F1A446F4A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{3A483245-06E6-43D5-8775-CE3D6B3036F7}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\empire total war\empire.exe |
"{3DA9F65D-0F1B-4AC4-93FF-931F8E04C48C}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{3E262613-34F5-40BC-9945-DD865C30B995}" = protocol=17 | dir=in | app=d:\program files\guild wars\gw.exe |
"{3EC05ED4-1271-4608-A9C0-5553C6A9AFD5}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{435BA85B-268F-4C94-9075-CEF504A1F201}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4A6297F7-5AAB-451F-AB63-6DCDC1EBEE4A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{4C9FDD42-5D44-4FC3-8E72-410A9266A9A5}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\holdemmanager.exe |
"{4E48D4A7-54F5-4CB8-BCE4-D3D267E2B647}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{538A5A86-8353-45C0-ACAC-0C5A64CDE326}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{563115A1-0AB3-403A-A358-8CC8169C7C92}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{64526B2B-07FE-4CB9-995A-EC99BD56CEC4}" = protocol=6 | dir=in | app=d:\program files\origin games\fifa 12\game\fifa.exe |
"{67992397-B7F7-48C9-AFB8-4D2413AED5C2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{68D0A40B-8F8C-450C-AFB0-108EFC58CA95}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{690B9E13-F0F1-4C73-BE7F-F9D7DE3AB7D9}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe |
"{6A07AFBB-4BCF-4EA3-B508-52A3610868DC}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{6B061DED-E945-4814-B47A-FC9F738527B4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{6D04846C-3871-404E-8733-DD022C80F67F}" = protocol=17 | dir=in | app=d:\program files\tunngle\tunngle.exe |
"{723E5170-3CBE-40B8-8F55-7AD9AC5820A3}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe |
"{72B0DB13-159F-4B56-BE61-0FAC797EB6FF}" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{750974CD-2435-4972-ADF3-F528CBC8235B}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{76DAFFCF-C701-4127-A0F9-BB5BA3FD1BB1}" = protocol=17 | dir=in | app=d:\program files\jdownloader\jdownloader.exe |
"{790146CC-0E13-491D-B8B4-BBB41C56F905}" = protocol=17 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe |
"{816D2944-2DDC-4CA2-82B1-FD5A19CBECB7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{82D89747-9AB8-4AE0-9EF0-BC90C1F3AD2B}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe |
"{8395DC00-59CF-451E-98B3-AA3B56F4BFE8}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{84ECAE31-FC9E-4C68-8E94-D26484B812F5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{878CF526-CDEE-4F0B-9B48-3A33B6456523}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
"{88779E37-82FB-4FF0-B070-B60C5C67BB61}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{89D5CA6B-C59E-421F-B29A-C3139E64C405}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{8D9080F5-CBB9-4D78-9741-EB29E4137EC8}" = protocol=17 | dir=in | app=d:\program files\tunngle\tnglctrl.exe |
"{8DD8DE8D-5C60-431F-94A2-2085321DF1A0}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{8E10E4F2-102D-4313-A0C2-49FC0F8A9780}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{8F352AF1-718E-478D-A562-B315AF975D36}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\dbcontrolpanel.exe |
"{9066254F-CA05-4EAD-A4F2-C51E4E680FB5}" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{90EE8DC0-423B-4889-8746-4EAA937158D5}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{91371408-6EF0-4D66-BA1A-CE2273A4C934}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{954EADF2-6428-4413-BDAA-9B642E192696}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{98A92B9B-2335-41B4-95F7-07262B5991EF}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\holdemmanager.exe |
"{9C32CA59-2829-4D89-9165-B97478D864BF}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{A2A87C3B-F9F4-4756-AD7E-E9AF4FC1330B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{A3D2E1C9-2EEE-4A9C-AA5F-070D9DF59537}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{B10D5103-085B-4117-9133-F70B2C643F75}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B2DF138E-9D08-481D-A35C-3DF328E167AD}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{B2E8F5FC-C809-4468-89C7-7BC5F4A98AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3740786-CCE7-4F72-94A8-2144178CE1DC}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{B5F30A51-1A31-4C51-BA5B-81D57F176B3A}" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe |
"{B9BA56B4-9973-4FCE-BB3F-FE3BA14D123E}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{C2C7D9BA-F032-4721-BE08-FC5CC192779B}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{C3FCFC0F-6786-4BCD-8E90-7FAC5F771B8E}" = protocol=6 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe |
"{C6EE227B-D4C8-447A-9839-F4180B9B47B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9227D88-0738-4AAF-8B83-FC1EC143C487}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{CC4BBF49-1B60-442E-89A9-B06A529E79EF}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{CF275D39-5B34-4F54-9AAC-E67D11014EF2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{D0A342DE-47F0-40E5-9DDC-26A00D484ADE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D0FF87E1-C68C-4DD2-B2D0-94E4CFC3FF1C}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D155E9CF-FB09-493B-A41C-49B03EC8F8DB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{D7C61099-0E88-4FC1-A2A7-BBD4B33A57D9}" = protocol=6 | dir=in | app=d:\program files\tunngle\tnglctrl.exe |
"{DA2244EA-B8AF-4632-9ED7-17EDC40614BC}" = protocol=6 | dir=in | app=d:\program files\jdownloader\jdownloader.exe |
"{DEF5CCD5-D345-4C7B-9B5E-7204566625EC}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{E013AFFF-F7CB-4D5B-AFDC-7A867571087C}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\empire total war\empire.exe |
"{E07CD312-6F7C-45E7-BA3B-DCCF6DDC235E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0C4163B-AFA6-4B91-A36D-BA5A74848E85}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe |
"{E1694F0D-443C-4AF3-B632-53A516E6E2D6}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\hmhud.exe |
"{E2A90B3E-2D2F-4451-98BD-3965C1E50BE7}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\dbcontrolpanel.exe |
"{E2D38A28-619B-4834-AF19-44745E421847}" = protocol=6 | dir=in | app=d:\program files\guild wars\gw.exe |
"{E3419925-96B7-4252-8A83-793EC1FC6CCF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{E9B24E58-D222-416D-9A21-7000279F0571}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{EE8BC520-C3F9-4AD8-B582-718CB0F6D022}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F322ECEA-F096-411A-949E-5C828DD2E3E5}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\hmhud.exe |
"{F32BC7EA-EE55-451E-83BA-2390596BCF5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F59FDB2E-6B16-4D9E-9E79-BAE045C89F89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA037785-B456-43D8-B5C1-23B33479A2CF}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{FA640713-D0A0-48F1-965A-F8C400DE261C}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{FBB8494F-3FBD-49A7-97CA-179BDB9729D2}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe |
"{FC00CB47-D4D8-400F-9E57-D4446BD637A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCD0F2B3-1DDD-4755-96DF-1356DAE8E10C}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{FD842E24-0121-4040-9F34-B835AF063345}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FE49D6DF-5DF5-4677-81B4-9CD40252F8C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{049D0E66-0298-4E8B-9358-D47E8FDB0C3F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{04F344EC-5E4D-43F6-AFCE-22EE95F7FB50}D:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe |
"TCP Query User{08174836-18B6-4FAA-A655-2571C7877725}D:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe |
"TCP Query User{0C126593-312B-4AD3-863D-8400420B58B9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{0C1461D8-90F6-4C35-AFAC-24D5E8C44CA4}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"TCP Query User{0CE0CFA6-E3A7-4CD4-B0DE-3B57D98C23EB}D:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe |
"TCP Query User{124E94B1-4E62-42E7-99E3-CC7BF683C40E}D:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=d:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{1416E868-8826-47F9-BDD3-F75ED2C5181B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{14308610-31A2-4E31-AC07-0DDBA6690333}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{1B7FE7CC-DBF3-458A-80D3-5FEA509CCE67}D:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"TCP Query User{1D2E2B02-D8A0-42C1-8466-0A36F0902BC9}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{3C0AB35C-276B-414D-A213-E54BBBB838DF}D:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"TCP Query User{49D913CB-E95A-4154-88F6-C93E1752763F}D:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=d:\program files\winhttrack\winhttrack.exe |
"TCP Query User{4FE52CA6-24AA-40ED-BDFA-005BF946FC2A}D:\program files\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\program files\valve\portal 2\portal2.exe |
"TCP Query User{6AF44318-D101-489A-9755-24201C6661E6}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{6B07766E-D96C-49E9-9A06-8DA31F794839}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6E85616E-0AC0-4DBB-A33C-812E9E52B214}C:\program files\graffiti studio 2.0\graffiti studio.exe" = protocol=6 | dir=in | app=c:\program files\graffiti studio 2.0\graffiti studio.exe |
"TCP Query User{74F4E9B8-5458-4F9F-98D5-44928363DB1E}D:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"TCP Query User{836C65D3-9920-4A7B-9412-98DB2ED728E8}D:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{90414F95-AB68-4239-BCB5-B36E9C41F391}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{94F32068-74E9-43E9-99DF-E6ADAE1FC09C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{96097F71-1DAA-461B-829A-AB480AE296D1}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{96C6F46D-7F7E-4E33-ACEB-C16A1FE2F753}D:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{9ABA2525-3565-4259-A03E-24ADEF7EABE3}D:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=6 | dir=in | app=d:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"TCP Query User{9B5354C6-39D5-4310-BC11-D6CE303EB780}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A3890824-D3F6-4F4F-ADF3-D4E2F7ACFED5}C:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe |
"TCP Query User{AFFDAD41-1AF0-4AA9-A89B-BF912C6520A3}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{B9B481CC-80B5-410D-9E1D-3A38ADEE3F58}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{C3276851-E358-4B72-9A07-ED0D8BF93299}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E0831070-2F42-4BA3-95CC-25B22F88277D}C:\program files\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"TCP Query User{E4782409-E453-45AA-8C55-6FB1B41B9E28}C:\program files\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"TCP Query User{E89CBB6F-3FDC-4543-B1F3-49D067CCD41C}C:\users\kevin\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\kevin\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{F8783AAA-F8E2-4820-884A-9E8C25DBD531}D:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\addon.exe |
"UDP Query User{02993BB8-1AEE-451D-8FEB-F9B2BC730D15}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{0378D491-90D0-47E8-9F5F-B5BD4BA7D2D7}D:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe |
"UDP Query User{0576D843-2AB9-4805-800C-F65355E2553E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0FBE7B06-3488-4C92-ABBF-813488D24215}D:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"UDP Query User{126CC74A-8A3C-42DD-AA55-32C1862A9A4A}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"UDP Query User{2135D95F-6179-48A4-AB5F-23E6A6683DDE}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{22DC7004-F415-4A63-A3AB-CEA9D14A2A4D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{24CF0632-9E3A-427B-9A89-6CFA95A0CF0F}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{2B0C7EDD-9757-4908-839E-CE60AD3AAB94}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2ED5D616-E6CA-40E5-8295-2F8260D4C2D2}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{33234148-933E-406B-867E-4F6FE70750C6}D:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=17 | dir=in | app=d:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"UDP Query User{397800EC-ADF1-4E68-97E7-623353BC6BBB}C:\program files\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"UDP Query User{39876B57-9949-4193-B7BB-62965B7CA361}C:\program files\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"UDP Query User{3CEC3EB6-213D-4754-AAA0-F70A7DF77DB9}D:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=d:\program files\winhttrack\winhttrack.exe |
"UDP Query User{48C2ECB9-17B2-48C5-87DB-F9B1317EB174}D:\program files\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\program files\valve\portal 2\portal2.exe |
"UDP Query User{48FBD34E-91B9-43EB-935F-3A037D8934F1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4BF507AB-6E70-46A7-AE59-4B242C49FF87}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{4EB37FA1-7A9F-448A-A0B2-49D36334763F}C:\program files\graffiti studio 2.0\graffiti studio.exe" = protocol=17 | dir=in | app=c:\program files\graffiti studio 2.0\graffiti studio.exe |
"UDP Query User{520A5AFE-1914-4276-82DE-EFF1AB4C6528}D:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"UDP Query User{61C080E2-1D35-4A75-AFB4-9EE03D9486F4}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{638DCCE4-D8A3-40C7-8C48-D3CF6D496BF8}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{6396DB85-D5BB-485F-87B7-A29190E1D724}D:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\addon.exe |
"UDP Query User{73909B1C-8977-416E-B65E-0E7D64AB199D}D:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"UDP Query User{7EA54910-C7E0-40AB-85D4-8C00AC544246}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{810E8CAE-E004-4F84-A689-8D452C9459AB}C:\users\kevin\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\kevin\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{84787A75-BB9D-481F-88E0-DFEAFDB53536}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8946B41A-3B34-4FD8-B8DB-25A8A8690BC0}D:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{8FAF48EF-3C10-452B-AEF0-BCECCD682355}C:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe |
"UDP Query User{A0FB9F23-81DB-4467-A9D0-96B933FC272A}D:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe |
"UDP Query User{BE02FC87-B499-4FAA-BE33-B9E5700844E5}D:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=d:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{C0D295DE-8E05-4585-843E-93FC298484EA}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{F473267A-E72F-4133-B22F-74F39EAC164F}D:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F4B67866-96DB-4695-84A5-484A19FA9DA8}D:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1459C671-45F3-4A58-8EA6-3B675460E51A}" = DO Kopfrechnen
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light
"{3230518C-2953-4FB9-8485-B3CDFCC36A70}" = Rosetta Stone Ltd Services
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE2032D-B1DA-4057-9D1E-4120F8B64367}" = DSLaufzeit
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45B4FF51-D048-46A1-AE2C-3786F2221F47}" = DSRechner
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{90DA7F39-B9D4-4FB1-93A0-6B10F83E35E2}" = Wer wird Millionär - Party-Edition
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{99889189-C739-4A46-BA02-3B271A118957}" = F.E.A.R. Mission Perseus
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53BEB85-A538-4F93-BF0C-2D9770532D10}" = Lost Horizon
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}" = Condemned - Criminal Origins
"{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}" = Clive Barker's Jericho
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2F8468F-85AB-4D08-A68E-01D328E7B261}" = PokerStrategy.com Elephant
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DEED33EE-4357-4907-8F20-C1A50CC68A5A}" = USB Joystick
"{E184BB79-61A3-4B0A-86D1-12A56C0A7270}" = Painkiller Resurrection
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E71AC707-179D-458D-A1E8-F52977CAEAB4}" = M.U.D. TV
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F027C8E3-6DBD-492A-9959-7B36B1DE0D65}" = Ad-Aware
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F73D18C1-F4DA-4B9F-9C46-5185F5D3DB7C}" = F.E.A.R. 2 SP Demo
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FD025150-EEA0-4CAC-BED1-B9837783FCC8}" = ActivePerl 5.10.0 Build 1005
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"abgx360" = abgx360 v1.0.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"APP-Codejock.SuitePro.ActiveX.v12.0.1_is1" = Xtreme SuitePro ActiveX v12.0.1
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ask Toolbar_is1" = Ask Toolbar
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Black Mirror 2_is1" = Black Mirror 2
"Black Mirror III_is1" = Black Mirror III
"Brain Workshop_is1" = Brain Workshop 4.4
"Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dues Ex Human Revolution_is1" = Dues Ex Human Revolution
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"DyynoPlayer" = DyynoPlayer 0.8.6f.2
"EFCL SecuLauncher Error Fix v1.1 by TokZic 1.1" = EFCL SecuLauncher Error Fix v1.1 by TokZic 1.1
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"Eraser" = Eraser
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F.E.A.R. 3_is1" = F.E.A.R. 3
"F.E.A.R.2 Reborn_is1" = F.E.A.R.2 Reborn
"FeedReader_is1" = FeedReader
"FileZilla Client" = FileZilla Client 3.3.4.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Billiards 2008_is1" = Free Billiards 2008
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Game Booster_is1" = Game Booster
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Updater" = Google Updater
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"HoldemManager" = Holdem Manager
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 510 Series" = Lexmark 510 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mikogo" = Mikogo
"MobMap_is1" = MobMap 3.55
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MyMDb_0" = MyMDb 3.6
"Nero - Burning Rom!UninstallKey" = Ahead Nero OEM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"Origin" = Origin
"PartyPoker" = PartyPoker
"Pidgin" = Pidgin
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Postal 2_is1" = Portal 2
"PostgreSQL 8.3" = PostgreSQL 8.3
"PostgreSQL 8.4" = PostgreSQL 8.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Proxifier_is1" = Proxifier version 2.7
"PunkBusterSvc" = PunkBuster Services
"Quick Memory Editor_is1" = Quick Memory Editor 5.5
"QuickPar" = QuickPar 0.9
"RealPlayer 12.0" = RealPlayer
"Schlag den Raab_is1" = Schlag den Raab
"Shockwave" = Shockwave
"SitNGoWizard" = SitNGo Wizard
"SMPlayer_is1" = SMPlayer 0.6.6
"SopCast" = SopCast 3.2.4
"Steam App 10500" = Empire: Total War
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 500" = Left 4 Dead
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TeamViewer 6" = TeamViewer 6
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TrueCrypt" = TrueCrypt
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"UseNeXT_is1" = UseNeXT
"VirusTotalUploader" = VirusTotal Uploader
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WebMoney Agent" = WebMoney Agent
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Wecker 2.2" = Wecker 2.2 2.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"World of Warcraft" = World of Warcraft
"xampp" = XAMPP 1.7.1
"X-Chat 2_is1" = X-Chat 2.8.6-2
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.96.5
"xp-AntiSpy" = xp-AntiSpy 3.97
"Zygor Guides" = Zygor Guides
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
"BrainGame" = Dr Kawashima
"Google Chrome" = Google Chrome
"Runic Games Torchlight" = Torchlight
"sc10-DE_SEVENONE_MAIN" = Big Pizza Ski Challenge 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Universal Replayer" = Universal Replayer
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.02.2012 08:16:05 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002
Description = Programm RealPlay.exe, Version 12.0.1.609 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: bd0  Anfangszeit: 01ccf091ad0fab51  Zeitpunkt der
 Beendigung: 1171
 
Error - 21.02.2012 08:17:03 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.02.2012 08:17:24 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.02.2012 08:17:24 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.02.2012 08:17:42 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.02.2012 08:48:31 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.02.2012 08:48:52 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.02.2012 08:48:52 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.02.2012 08:52:46 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.02.2012 09:03:15 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ SitNGoWizard Events ]
Error - 18.10.2011 13:22:40 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.12.2011 13:44:20 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.12.2011 13:44:21 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.12.2011 13:44:30 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.12.2011 13:44:30 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.12.2011 13:44:40 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.12.2011 13:44:40 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 12.01.2012 16:45:46 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 12.01.2012 16:45:47 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 05.02.2012 17:31:48 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
[ System Events ]
Error - 19.02.2012 06:05:17 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 19.02.2012 10:27:14 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 19.02.2012 10:28:35 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 20.02.2012 07:08:13 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 20.02.2012 07:09:38 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 20.02.2012 17:22:05 | Computer Name = Kevin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 20.02.2012 um 22:20:21 unerwartet heruntergefahren.
 
Error - 20.02.2012 17:22:07 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 20.02.2012 17:23:46 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 21.02.2012 06:08:12 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 21.02.2012 06:09:35 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
[ TuneUp Events ]
Error - 16.02.2012 05:06:40 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-16 10:06:40', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','2056',0)
 
Error - 17.02.2012 03:01:07 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-17 08:01:07', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','1288',0)
 
Error - 17.02.2012 06:52:31 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-17 11:52:31', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4216',0)
 
Error - 18.02.2012 06:30:12 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-18 11:30:12', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4148',0)
 
Error - 18.02.2012 08:38:39 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-18 13:38:39', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','1488',0)
 
Error - 18.02.2012 12:06:27 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-18 17:06:27', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3780',0)
 
Error - 19.02.2012 06:07:25 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-19 11:07:25', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','728',0)
 
Error - 19.02.2012 10:30:41 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-19 15:30:41', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','3208',0)
 
Error - 20.02.2012 07:11:41 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-20 12:11:41', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4244',0)
 
Error - 20.02.2012 17:25:52 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-20 22:25:52', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4452',0)
 
 
< End of report >

--- --- ---

[/code]

Chris4You 22.02.2012 09:03

Hi,

besides the VPN, you also have one IP from Russia and one from the USA set as DNS servers...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E65DDC-D557-4A3C-93DC-0488FAD00A79}: DhcpNameServer = 92.241.168.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254
Does that mean anything to you?

Otherwise it looks OK...

chris

Kowalski1 22.02.2012 14:05

At the moment I don't know exactly what that is.
What can I do to delete it?

Chris4You 23.02.2012 08:40

Hi,

let's fix that with OTL...


OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E65DDC-D557-4A3C-93DC-0488FAD00A79}: DhcpNameServer = 92.241.168.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris

Kowalski1 23.02.2012 20:52

I haven't run the above yet.

I had this virus again today, only in a slightly different form, but in principle exactly the same one.
For now I did a System Restore and everything works again, but I don't know where it came from again or whether something is still sitting in there.

OTL Logfile:
Code:

OTL logfile created on: 23.02.2012 19:48:59 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 33,96% Memory free
10,99 Gb Paging File | 9,03 Gb Available in Paging File | 82,19% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 73,32 Gb Free Space | 37,54% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 23,50 Gb Free Space | 8,69% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxbccoms.exe ( )
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
MOD - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (BVWYVEOMKJJ) --  File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (postgresql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (TunngleService) -- D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (DAUpdaterSvc) -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( )
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - SOFTWARE\Classes\CLSID\\LocalServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wieistmeineip.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f.2: C:\Program Files\Dyyno\Dyyno Player\npvlc.dll (Dyyno)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.30 19:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.30 21:51:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.22 17:14:35 | 000,000,000 | ---D | M]
 
[2009.01.23 17:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2012.02.22 12:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions
[2010.03.19 20:36:29 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011.02.02 19:41:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.26 18:52:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.15 14:42:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.30 19:50:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.23 10:42:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.03.03 13:30:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.14 18:45:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\moveplayer@movenetworks.com
[2009.04.20 14:36:41 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\NPDyyno@dyyno.com
[2010.10.20 19:48:50 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\vshare@toolbar
[2010.01.23 12:35:03 | 000,002,321 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\dictcc.xml
[2009.06.15 20:46:47 | 000,002,030 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\myvideo-suche-.xml
[2009.07.11 11:04:46 | 000,000,727 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\phpnet.xml
[2009.01.23 18:10:53 | 000,002,108 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\youtube-videosuche.xml
[2012.02.22 12:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.29 12:33:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.16 22:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.16 13:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.02.19 09:53:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009.06.05 15:55:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.23 14:39:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2011.03.16 22:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.16 13:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.12.30 19:41:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.21 00:20:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.21 00:20:52 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.21 00:20:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.21 00:20:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.21 00:20:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Dyyno Player Plugin (Enabled) = C:\Program Files\Dyyno\Dyyno Player\npvlc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2012.02.23 18:51:48 | 000,449,439 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 15448 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll ( )
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DE9F9EF-8DB8-41C2-8A1F-AF77E3B8D7FB}: NameServer = 195.50.140.246 195.50.140.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E65DDC-D557-4A3C-93DC-0488FAD00A79}: DhcpNameServer = 92.241.168.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell - "" = AutoRun
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell - "" = AutoRun
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell\AutoRun\command - "" = H:\steambackup2.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.23 18:52:52 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.16 19:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\tdsskiller
[2012.02.15 20:12:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.14 19:12:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2012.02.14 19:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.14 19:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.14 19:11:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.14 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.14 17:58:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012.02.13 17:59:32 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Avira
[2012.02.13 17:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.13 17:58:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.13 17:58:04 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 17:58:04 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.13 17:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.13 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2009.01.29 19:28:27 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll
[2009.01.26 14:40:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2009.01.26 14:40:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2009.01.26 14:40:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2009.01.26 14:40:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2009.01.26 14:40:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2009.01.26 14:40:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2009.01.26 14:40:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe
[2009.01.26 14:40:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2009.01.26 14:40:49 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2009.01.26 14:40:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe
[2009.01.26 14:40:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe
[2009.01.26 14:40:49 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2009.01.26 14:40:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2009.01.26 14:40:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.23 18:52:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.23 18:51:48 | 000,449,439 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.02.23 18:16:42 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.23 18:11:54 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.23 18:11:53 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.23 18:11:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.23 18:11:44 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.22 19:03:14 | 000,026,722 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2012.02.22 14:07:55 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.21 23:30:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.02.19 21:22:12 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.02.19 21:22:12 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.02.18 14:38:07 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120221-170012.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-185148.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-185117.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-184832.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120221-194836.backup
[2012.02.18 14:37:58 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143807.backup
[2012.02.16 15:39:13 | 000,002,623 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Word.lnk
[2012.02.15 13:11:54 | 000,000,404 | ---- | M] () -- C:\Windows\LEXSTAT.INI
[2012.02.14 19:11:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.14 17:58:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012.02.13 17:58:20 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 21:16:46 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120216-200440.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143758.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143711.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120217-085149.backup
[2012.02.08 19:32:27 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120211-211646.backup
[2012.02.07 14:30:18 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120208-193227.backup
[2012.02.05 18:52:43 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120207-143018.backup
[2012.02.01 14:50:51 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120205-185243.backup
[2012.01.29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.26 19:09:46 | 000,699,116 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.26 19:09:46 | 000,655,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.26 19:09:46 | 000,156,440 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.26 19:09:46 | 000,128,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.26 19:09:25 | 000,154,624 | ---- | M] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.25 19:39:51 | 000,449,124 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120201-145051.backup
[2012.01.25 12:12:05 | 000,448,311 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120125-193951.backup
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.23 18:11:44 | 3488,735,232 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.14 19:11:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 17:58:20 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.15 05:39:42 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.01 18:35:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.12 22:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.06.01 13:45:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.06.01 13:45:52 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.05.26 20:17:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.26 20:17:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.12 20:46:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.01.13 18:18:15 | 000,000,365 | ---- | C] () -- C:\Users\Kevin\AppData\Local\postgresinstall.bat
[2011.01.04 15:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 15:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 15:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 15:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 15:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010.05.26 19:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.04.28 20:31:06 | 000,000,068 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.05 18:47:36 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.02.27 13:08:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.23 16:13:27 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.01.27 20:46:45 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.29 12:32:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.23 20:40:51 | 000,000,762 | ---- | C] () -- C:\Windows\Edofma.INI
[2009.08.28 13:25:32 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.23 19:20:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.05.29 17:36:24 | 000,086,250 | ---- | C] () -- C:\Windows\wininit.ini
[2009.05.27 17:23:04 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2009.05.12 12:32:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.03.22 21:18:35 | 000,134,989 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.03.15 19:22:50 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.29 20:02:15 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat
[2009.01.29 19:28:29 | 000,000,386 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Current.prx
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2009.01.26 14:40:49 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2009.01.26 11:19:30 | 000,026,722 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2009.01.26 11:15:43 | 000,001,187 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.26 10:43:49 | 000,000,404 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2009.01.25 18:14:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.01.25 18:14:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.01.23 17:21:26 | 000,154,624 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.23 17:10:00 | 000,138,056 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys
[2009.01.23 17:09:45 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.01.23 17:09:43 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.01.23 17:09:43 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.23 15:28:26 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.23 15:28:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.23 15:04:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.01.23 15:04:23 | 000,026,082 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.01.23 15:03:13 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2008.01.21 08:15:58 | 000,699,116 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,156,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,296,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,655,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,128,292 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.25 14:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[1999.01.22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:437DA1922D9BCD1B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A7D1EA69
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A064CECC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:41ADDB8A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:05EE1EEF

< End of report >

--- --- ---

[/code]

Kowalski1 23.02.2012 20:53

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 23.02.2012 19:48:59 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 33,96% Memory free
10,99 Gb Paging File | 9,03 Gb Available in Paging File | 82,19% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 73,32 Gb Free Space | 37,54% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 23,50 Gb Free Space | 8,69% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BC15B64-C369-496B-A7D8-CFFFC4738F54}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93D28C7D-657A-4A6C-9A39-E8811B331A93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9B414A25-7921-4077-8A59-B68AA7302B3D}" = lport=6112 | protocol=6 | dir=in | name=6112 |
"{A380219C-62BF-43B3-A6B1-09D5BDF70280}" = lport=1338 | protocol=6 | dir=in | name=1338 |
"{AC91602A-E785-452B-8567-15E5539F3047}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C6D9711C-F8FC-4968-B369-15E51F4CA809}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{C84A652A-8EBA-4CB9-99A5-A971B83D8A81}" = lport=6112 | protocol=17 | dir=in | name=6112 |
"{DFEAD0CC-CDB7-455C-9249-93B9580096CA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{FDFCFF18-B31E-40CD-BD14-B5E380366C3A}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02260DC9-E8BB-4709-AE40-AC121E1B75C4}" = protocol=6 | dir=in | app=d:\program files\tunngle\tunngle.exe |
"{050717F2-A386-453C-9E2F-3E820C983899}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{0B15D919-5D5E-44A1-87D3-A138A09B8863}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
"{0CE501C0-FDCF-4D73-B12C-314C4B52CC81}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{102B6718-FC6C-417E-9224-A7EB457B3B58}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{10FAA7ED-BF56-49A0-9FE0-9B82B277744C}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{13EDE2F6-A665-4156-AF37-9447DE82A910}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe |
"{1711F7DC-8DB9-4F7A-8479-F04A13225919}" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe |
"{1B2A3F2F-1146-4727-97EA-2CCF7BD51B64}" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{2292A04C-B868-459D-B9FC-C131350CA1ED}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{23CEBD8A-3C1D-4B0E-882C-A4FCF90AB311}" = protocol=17 | dir=in | app=d:\program files\origin games\fifa 12\game\fifa.exe |
"{2424D9BB-DF60-4D8F-AE13-BC1FCB900C72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B8C018F-B057-4F7A-85A4-3ECF943216F9}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{3235C9BD-E643-4991-A705-710F9EA4A2D1}" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{3518C955-624F-496D-B0BA-B30391ADAA38}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{3630A9D1-6A51-4B39-BEC9-4D15CCD4DDC0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{36C40B64-DA14-4D51-8CCC-9BBDCAFA559D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39E71065-55BB-4394-BA3A-EF8F1A446F4A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{3A483245-06E6-43D5-8775-CE3D6B3036F7}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\empire total war\empire.exe |
"{3DA9F65D-0F1B-4AC4-93FF-931F8E04C48C}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{3E262613-34F5-40BC-9945-DD865C30B995}" = protocol=17 | dir=in | app=d:\program files\guild wars\gw.exe |
"{3EC05ED4-1271-4608-A9C0-5553C6A9AFD5}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{435BA85B-268F-4C94-9075-CEF504A1F201}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4A6297F7-5AAB-451F-AB63-6DCDC1EBEE4A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{4C9FDD42-5D44-4FC3-8E72-410A9266A9A5}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\holdemmanager.exe |
"{4E48D4A7-54F5-4CB8-BCE4-D3D267E2B647}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{538A5A86-8353-45C0-ACAC-0C5A64CDE326}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{563115A1-0AB3-403A-A358-8CC8169C7C92}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{64526B2B-07FE-4CB9-995A-EC99BD56CEC4}" = protocol=6 | dir=in | app=d:\program files\origin games\fifa 12\game\fifa.exe |
"{67992397-B7F7-48C9-AFB8-4D2413AED5C2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{68D0A40B-8F8C-450C-AFB0-108EFC58CA95}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{690B9E13-F0F1-4C73-BE7F-F9D7DE3AB7D9}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe |
"{6A07AFBB-4BCF-4EA3-B508-52A3610868DC}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{6B061DED-E945-4814-B47A-FC9F738527B4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{6D04846C-3871-404E-8733-DD022C80F67F}" = protocol=17 | dir=in | app=d:\program files\tunngle\tunngle.exe |
"{723E5170-3CBE-40B8-8F55-7AD9AC5820A3}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe |
"{72B0DB13-159F-4B56-BE61-0FAC797EB6FF}" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{750974CD-2435-4972-ADF3-F528CBC8235B}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{76DAFFCF-C701-4127-A0F9-BB5BA3FD1BB1}" = protocol=17 | dir=in | app=d:\program files\jdownloader\jdownloader.exe |
"{790146CC-0E13-491D-B8B4-BBB41C56F905}" = protocol=17 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe |
"{816D2944-2DDC-4CA2-82B1-FD5A19CBECB7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{82D89747-9AB8-4AE0-9EF0-BC90C1F3AD2B}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe |
"{8395DC00-59CF-451E-98B3-AA3B56F4BFE8}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{84ECAE31-FC9E-4C68-8E94-D26484B812F5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{878CF526-CDEE-4F0B-9B48-3A33B6456523}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
"{88779E37-82FB-4FF0-B070-B60C5C67BB61}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{89D5CA6B-C59E-421F-B29A-C3139E64C405}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{8D9080F5-CBB9-4D78-9741-EB29E4137EC8}" = protocol=17 | dir=in | app=d:\program files\tunngle\tnglctrl.exe |
"{8DD8DE8D-5C60-431F-94A2-2085321DF1A0}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{8E10E4F2-102D-4313-A0C2-49FC0F8A9780}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{8F352AF1-718E-478D-A562-B315AF975D36}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\dbcontrolpanel.exe |
"{9066254F-CA05-4EAD-A4F2-C51E4E680FB5}" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{90EE8DC0-423B-4889-8746-4EAA937158D5}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{91371408-6EF0-4D66-BA1A-CE2273A4C934}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{954EADF2-6428-4413-BDAA-9B642E192696}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{98A92B9B-2335-41B4-95F7-07262B5991EF}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\holdemmanager.exe |
"{9C32CA59-2829-4D89-9165-B97478D864BF}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{A2A87C3B-F9F4-4756-AD7E-E9AF4FC1330B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{A3D2E1C9-2EEE-4A9C-AA5F-070D9DF59537}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{B10D5103-085B-4117-9133-F70B2C643F75}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B2DF138E-9D08-481D-A35C-3DF328E167AD}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{B2E8F5FC-C809-4468-89C7-7BC5F4A98AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3740786-CCE7-4F72-94A8-2144178CE1DC}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{B5F30A51-1A31-4C51-BA5B-81D57F176B3A}" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe |
"{B9BA56B4-9973-4FCE-BB3F-FE3BA14D123E}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{C2C7D9BA-F032-4721-BE08-FC5CC192779B}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{C3FCFC0F-6786-4BCD-8E90-7FAC5F771B8E}" = protocol=6 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe |
"{C6EE227B-D4C8-447A-9839-F4180B9B47B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9227D88-0738-4AAF-8B83-FC1EC143C487}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{CC4BBF49-1B60-442E-89A9-B06A529E79EF}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{CF275D39-5B34-4F54-9AAC-E67D11014EF2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{D0A342DE-47F0-40E5-9DDC-26A00D484ADE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D0FF87E1-C68C-4DD2-B2D0-94E4CFC3FF1C}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D155E9CF-FB09-493B-A41C-49B03EC8F8DB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{D7C61099-0E88-4FC1-A2A7-BBD4B33A57D9}" = protocol=6 | dir=in | app=d:\program files\tunngle\tnglctrl.exe |
"{DA2244EA-B8AF-4632-9ED7-17EDC40614BC}" = protocol=6 | dir=in | app=d:\program files\jdownloader\jdownloader.exe |
"{DEF5CCD5-D345-4C7B-9B5E-7204566625EC}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{E013AFFF-F7CB-4D5B-AFDC-7A867571087C}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\empire total war\empire.exe |
"{E07CD312-6F7C-45E7-BA3B-DCCF6DDC235E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0C4163B-AFA6-4B91-A36D-BA5A74848E85}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe |
"{E1694F0D-443C-4AF3-B632-53A516E6E2D6}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\hmhud.exe |
"{E2A90B3E-2D2F-4451-98BD-3965C1E50BE7}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\dbcontrolpanel.exe |
"{E2D38A28-619B-4834-AF19-44745E421847}" = protocol=6 | dir=in | app=d:\program files\guild wars\gw.exe |
"{E3419925-96B7-4252-8A83-793EC1FC6CCF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{E9B24E58-D222-416D-9A21-7000279F0571}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{EE8BC520-C3F9-4AD8-B582-718CB0F6D022}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F322ECEA-F096-411A-949E-5C828DD2E3E5}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\hmhud.exe |
"{F32BC7EA-EE55-451E-83BA-2390596BCF5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F59FDB2E-6B16-4D9E-9E79-BAE045C89F89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA037785-B456-43D8-B5C1-23B33479A2CF}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{FA640713-D0A0-48F1-965A-F8C400DE261C}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{FBB8494F-3FBD-49A7-97CA-179BDB9729D2}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe |
"{FC00CB47-D4D8-400F-9E57-D4446BD637A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCD0F2B3-1DDD-4755-96DF-1356DAE8E10C}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{FD842E24-0121-4040-9F34-B835AF063345}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FE49D6DF-5DF5-4677-81B4-9CD40252F8C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{049D0E66-0298-4E8B-9358-D47E8FDB0C3F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{04F344EC-5E4D-43F6-AFCE-22EE95F7FB50}D:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe |
"TCP Query User{08174836-18B6-4FAA-A655-2571C7877725}D:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe |
"TCP Query User{0C126593-312B-4AD3-863D-8400420B58B9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{0C1461D8-90F6-4C35-AFAC-24D5E8C44CA4}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"TCP Query User{0CE0CFA6-E3A7-4CD4-B0DE-3B57D98C23EB}D:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe |
"TCP Query User{124E94B1-4E62-42E7-99E3-CC7BF683C40E}D:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=d:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{1416E868-8826-47F9-BDD3-F75ED2C5181B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{14308610-31A2-4E31-AC07-0DDBA6690333}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{1B7FE7CC-DBF3-458A-80D3-5FEA509CCE67}D:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"TCP Query User{1D2E2B02-D8A0-42C1-8466-0A36F0902BC9}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{3C0AB35C-276B-414D-A213-E54BBBB838DF}D:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"TCP Query User{49D913CB-E95A-4154-88F6-C93E1752763F}D:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=d:\program files\winhttrack\winhttrack.exe |
"TCP Query User{4FE52CA6-24AA-40ED-BDFA-005BF946FC2A}D:\program files\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\program files\valve\portal 2\portal2.exe |
"TCP Query User{6AF44318-D101-489A-9755-24201C6661E6}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{6B07766E-D96C-49E9-9A06-8DA31F794839}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6E85616E-0AC0-4DBB-A33C-812E9E52B214}C:\program files\graffiti studio 2.0\graffiti studio.exe" = protocol=6 | dir=in | app=c:\program files\graffiti studio 2.0\graffiti studio.exe |
"TCP Query User{74F4E9B8-5458-4F9F-98D5-44928363DB1E}D:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"TCP Query User{836C65D3-9920-4A7B-9412-98DB2ED728E8}D:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{90414F95-AB68-4239-BCB5-B36E9C41F391}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{94F32068-74E9-43E9-99DF-E6ADAE1FC09C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{96097F71-1DAA-461B-829A-AB480AE296D1}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{96C6F46D-7F7E-4E33-ACEB-C16A1FE2F753}D:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{9ABA2525-3565-4259-A03E-24ADEF7EABE3}D:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=6 | dir=in | app=d:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"TCP Query User{9B5354C6-39D5-4310-BC11-D6CE303EB780}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A3890824-D3F6-4F4F-ADF3-D4E2F7ACFED5}C:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe |
"TCP Query User{AFFDAD41-1AF0-4AA9-A89B-BF912C6520A3}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{B9B481CC-80B5-410D-9E1D-3A38ADEE3F58}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{C3276851-E358-4B72-9A07-ED0D8BF93299}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E0831070-2F42-4BA3-95CC-25B22F88277D}C:\program files\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"TCP Query User{E4782409-E453-45AA-8C55-6FB1B41B9E28}C:\program files\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"TCP Query User{E89CBB6F-3FDC-4543-B1F3-49D067CCD41C}C:\users\kevin\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\kevin\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{F8783AAA-F8E2-4820-884A-9E8C25DBD531}D:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\addon.exe |
"UDP Query User{02993BB8-1AEE-451D-8FEB-F9B2BC730D15}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{0378D491-90D0-47E8-9F5F-B5BD4BA7D2D7}D:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe |
"UDP Query User{0576D843-2AB9-4805-800C-F65355E2553E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0FBE7B06-3488-4C92-ABBF-813488D24215}D:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"UDP Query User{126CC74A-8A3C-42DD-AA55-32C1862A9A4A}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"UDP Query User{2135D95F-6179-48A4-AB5F-23E6A6683DDE}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{22DC7004-F415-4A63-A3AB-CEA9D14A2A4D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{24CF0632-9E3A-427B-9A89-6CFA95A0CF0F}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{2B0C7EDD-9757-4908-839E-CE60AD3AAB94}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2ED5D616-E6CA-40E5-8295-2F8260D4C2D2}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{33234148-933E-406B-867E-4F6FE70750C6}D:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=17 | dir=in | app=d:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"UDP Query User{397800EC-ADF1-4E68-97E7-623353BC6BBB}C:\program files\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"UDP Query User{39876B57-9949-4193-B7BB-62965B7CA361}C:\program files\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"UDP Query User{3CEC3EB6-213D-4754-AAA0-F70A7DF77DB9}D:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=d:\program files\winhttrack\winhttrack.exe |
"UDP Query User{48C2ECB9-17B2-48C5-87DB-F9B1317EB174}D:\program files\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\program files\valve\portal 2\portal2.exe |
"UDP Query User{48FBD34E-91B9-43EB-935F-3A037D8934F1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4BF507AB-6E70-46A7-AE59-4B242C49FF87}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{4EB37FA1-7A9F-448A-A0B2-49D36334763F}C:\program files\graffiti studio 2.0\graffiti studio.exe" = protocol=17 | dir=in | app=c:\program files\graffiti studio 2.0\graffiti studio.exe |
"UDP Query User{520A5AFE-1914-4276-82DE-EFF1AB4C6528}D:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"UDP Query User{61C080E2-1D35-4A75-AFB4-9EE03D9486F4}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{638DCCE4-D8A3-40C7-8C48-D3CF6D496BF8}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{6396DB85-D5BB-485F-87B7-A29190E1D724}D:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\addon.exe |
"UDP Query User{73909B1C-8977-416E-B65E-0E7D64AB199D}D:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"UDP Query User{7EA54910-C7E0-40AB-85D4-8C00AC544246}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{810E8CAE-E004-4F84-A689-8D452C9459AB}C:\users\kevin\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\kevin\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{84787A75-BB9D-481F-88E0-DFEAFDB53536}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8946B41A-3B34-4FD8-B8DB-25A8A8690BC0}D:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{8FAF48EF-3C10-452B-AEF0-BCECCD682355}C:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe |
"UDP Query User{A0FB9F23-81DB-4467-A9D0-96B933FC272A}D:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe |
"UDP Query User{BE02FC87-B499-4FAA-BE33-B9E5700844E5}D:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=d:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{C0D295DE-8E05-4585-843E-93FC298484EA}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{F473267A-E72F-4133-B22F-74F39EAC164F}D:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F4B67866-96DB-4695-84A5-484A19FA9DA8}D:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1459C671-45F3-4A58-8EA6-3B675460E51A}" = DO Kopfrechnen
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light
"{3230518C-2953-4FB9-8485-B3CDFCC36A70}" = Rosetta Stone Ltd Services
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE2032D-B1DA-4057-9D1E-4120F8B64367}" = DSLaufzeit
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45B4FF51-D048-46A1-AE2C-3786F2221F47}" = DSRechner
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{90DA7F39-B9D4-4FB1-93A0-6B10F83E35E2}" = Wer wird Millionär - Party-Edition
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{99889189-C739-4A46-BA02-3B271A118957}" = F.E.A.R. Mission Perseus
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53BEB85-A538-4F93-BF0C-2D9770532D10}" = Lost Horizon
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}" = Condemned - Criminal Origins
"{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}" = Clive Barker's Jericho
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2F8468F-85AB-4D08-A68E-01D328E7B261}" = PokerStrategy.com Elephant
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DEED33EE-4357-4907-8F20-C1A50CC68A5A}" = USB Joystick
"{E184BB79-61A3-4B0A-86D1-12A56C0A7270}" = Painkiller Resurrection
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E71AC707-179D-458D-A1E8-F52977CAEAB4}" = M.U.D. TV
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F027C8E3-6DBD-492A-9959-7B36B1DE0D65}" = Ad-Aware
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F73D18C1-F4DA-4B9F-9C46-5185F5D3DB7C}" = F.E.A.R. 2 SP Demo
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FD025150-EEA0-4CAC-BED1-B9837783FCC8}" = ActivePerl 5.10.0 Build 1005
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"abgx360" = abgx360 v1.0.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"APP-Codejock.SuitePro.ActiveX.v12.0.1_is1" = Xtreme SuitePro ActiveX v12.0.1
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ask Toolbar_is1" = Ask Toolbar
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Black Mirror 2_is1" = Black Mirror 2
"Black Mirror III_is1" = Black Mirror III
"Brain Workshop_is1" = Brain Workshop 4.4
"Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dues Ex Human Revolution_is1" = Dues Ex Human Revolution
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"DyynoPlayer" = DyynoPlayer 0.8.6f.2
"EFCL SecuLauncher Error Fix v1.1 by TokZic 1.1" = EFCL SecuLauncher Error Fix v1.1 by TokZic 1.1
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"Eraser" = Eraser
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F.E.A.R. 3_is1" = F.E.A.R. 3
"F.E.A.R.2 Reborn_is1" = F.E.A.R.2 Reborn
"FeedReader_is1" = FeedReader
"FileZilla Client" = FileZilla Client 3.3.4.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Billiards 2008_is1" = Free Billiards 2008
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Game Booster_is1" = Game Booster
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Updater" = Google Updater
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"HoldemManager" = Holdem Manager
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 510 Series" = Lexmark 510 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mikogo" = Mikogo
"MobMap_is1" = MobMap 3.55
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MyMDb_0" = MyMDb 3.6
"Nero - Burning Rom!UninstallKey" = Ahead Nero OEM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"Origin" = Origin
"PartyPoker" = PartyPoker
"Pidgin" = Pidgin
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Postal 2_is1" = Portal 2
"PostgreSQL 8.3" = PostgreSQL 8.3
"PostgreSQL 8.4" = PostgreSQL 8.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Proxifier_is1" = Proxifier version 2.7
"PunkBusterSvc" = PunkBuster Services
"Quick Memory Editor_is1" = Quick Memory Editor 5.5
"QuickPar" = QuickPar 0.9
"RealPlayer 12.0" = RealPlayer
"Schlag den Raab_is1" = Schlag den Raab
"Shockwave" = Shockwave
"SitNGoWizard" = SitNGo Wizard
"SMPlayer_is1" = SMPlayer 0.6.6
"SopCast" = SopCast 3.2.4
"Steam App 10500" = Empire: Total War
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 500" = Left 4 Dead
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TeamViewer 6" = TeamViewer 6
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TrueCrypt" = TrueCrypt
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"UseNeXT_is1" = UseNeXT
"VirusTotalUploader" = VirusTotal Uploader
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WebMoney Agent" = WebMoney Agent
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Wecker 2.2" = Wecker 2.2 2.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"World of Warcraft" = World of Warcraft
"xampp" = XAMPP 1.7.1
"X-Chat 2_is1" = X-Chat 2.8.6-2
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.96.5
"xp-AntiSpy" = xp-AntiSpy 3.97
"Zygor Guides" = Zygor Guides
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
"BrainGame" = Dr Kawashima
"Google Chrome" = Google Chrome
"Runic Games Torchlight" = Torchlight
"sc10-DE_SEVENONE_MAIN" = Big Pizza Ski Challenge 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Universal Replayer" = Universal Replayer
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.02.2012 13:13:01 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-23 18:13:01 CETFATAL:  role "SYSTEM" does not exist
 
Error - 23.02.2012 13:13:03 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-23 18:13:03 CETFATAL:  role "SYSTEM" does not exist
 
Error - 23.02.2012 13:13:04 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-23 18:13:04 CETFATAL:  role "SYSTEM" does not exist
 
Error - 23.02.2012 13:13:05 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-23 18:13:05 CETFATAL:  role "SYSTEM" does not exist
 
Error - 23.02.2012 13:13:06 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-23 18:13:06 CETFATAL:  role "SYSTEM" does not exist
 
Error - 23.02.2012 13:13:07 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-23 18:13:07 CETFATAL:  role "SYSTEM" does not exist
 
Error - 23.02.2012 13:13:08 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-23 18:13:08 CETFATAL:  role "SYSTEM" does not exist
 
Error - 23.02.2012 13:13:09 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-02-23 18:13:09 CETFATAL:  role "SYSTEM" does not exist
 
Error - 23.02.2012 15:04:54 | Computer Name = Kevin-PC | Source = ESENT | ID = 490
Description = Windows (3232) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 23.02.2012 15:04:54 | Computer Name = Kevin-PC | Source = ESENT | ID = 439
Description = Windows (3232) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
 konnte nicht geschrieben werden. Fehler -1032.
 
[ SitNGoWizard Events ]
Error - 18.10.2011 13:22:40 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.12.2011 13:44:20 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.12.2011 13:44:21 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.12.2011 13:44:30 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.12.2011 13:44:30 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.12.2011 13:44:40 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.12.2011 13:44:40 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 12.01.2012 16:45:46 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 12.01.2012 16:45:47 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 05.02.2012 17:31:48 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
[ System Events ]
Error - 23.02.2012 13:06:21 | Computer Name = Kevin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 23.02.2012 13:06:21 | Computer Name = Kevin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 23.02.2012 13:06:21 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 23.02.2012 13:06:21 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 23.02.2012 13:06:30 | Computer Name = Kevin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 23.02.2012 13:06:55 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 23.02.2012 13:06:59 | Computer Name = Kevin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 23.02.2012 13:07:01 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 23.02.2012 13:11:52 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 23.02.2012 13:13:11 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
[ TuneUp Events ]
Error - 19.02.2012 06:07:25 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-19 11:07:25', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','728',0)
 
Error - 19.02.2012 10:30:41 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-19 15:30:41', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','3208',0)
 
Error - 20.02.2012 07:11:41 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-20 12:11:41', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4244',0)
 
Error - 20.02.2012 17:25:52 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-20 22:25:52', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4452',0)
 
Error - 21.02.2012 06:11:38 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-21 11:11:38', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4152',0)
 
Error - 21.02.2012 18:28:32 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-21 23:28:32', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','2212',0)
 
Error - 22.02.2012 07:01:43 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-22 12:01:43', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4292',0)
 
Error - 23.02.2012 07:13:30 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-23 12:13:30', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','1248',0)
 
Error - 23.02.2012 12:51:27 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-23 17:51:27', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','5876',0)
 
Error - 23.02.2012 13:15:15 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-23 18:15:15', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4700',0)
 
 
< End of report >

--- --- ---

[/code]

Chris4You 24.02.2012 12:43

Hi,

that thing gets in through a security vulnerability while browsing, so from now on only use a guest account...

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
Code:


:OTL
SRV - (BVWYVEOMKJJ) --  File not found
IE - HKLM\..\URLSearchHook:  - SOFTWARE\Classes\CLSID\\LocalServer32 File not found
O1 - Hosts: ::1            localhost
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
@Alternate Data Stream - 72 bytes -> C:\Windows:437DA1922D9BCD1B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A7D1EA69
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A064CECC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:41ADDB8A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:05EE1EEF


:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

In addition, update MAM and run a full scan...

A driver was installed, so please run the Killer once more as well...
and
MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

chris

Kowalski1 27.02.2012 12:30

Sorry once again that it's taking me so long to reply.

OTL:

Code:

All processes killed
========== OTL ==========
Service BVWYVEOMKJJ stopped successfully!
Service BVWYVEOMKJJ deleted successfully!
File  File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
::1 localhost removed from HOSTS file successfully
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ deleted successfully.
C:\Programme\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
ADS C:\Windows:437DA1922D9BCD1B deleted successfully.
ADS C:\ProgramData\Temp:A7D1EA69 deleted successfully.
ADS C:\ProgramData\Temp:A064CECC deleted successfully.
ADS C:\ProgramData\Temp:41ADDB8A deleted successfully.
ADS C:\ProgramData\Temp:05EE1EEF deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kevin
->Temp folder emptied: 14069581 bytes
->Temporary Internet Files folder emptied: 4366143 bytes
->Java cache emptied: 7972 bytes
->FireFox cache emptied: 45266896 bytes
->Google Chrome cache emptied: 56490186 bytes
->Flash cache emptied: 2113 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: x
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 590304 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 115,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 02242012_211441

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Kowalski1 27.02.2012 12:30

MAM

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.23.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Kevin :: KEVIN-PC [Administrator]

Schutz: Deaktiviert

23.02.2012 18:53:24
mbam-log-2012-02-23 (18-53-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 536603
Laufzeit: 3 Stunde(n), 25 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

The rest will follow later :)

Kowalski1 27.02.2012 15:38

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        ASUSTeK Computer INC.
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                System manufacturer
System Product Name:                System Product Name
Logical Drives Mask:                0x0000007d

Kernel Drivers (total 148):
  0x81C13000 \SystemRoot\system32\ntkrnlpa.exe
  0x81FCC000 \SystemRoot\system32\hal.dll
  0x8040A000 \SystemRoot\system32\kdcom.dll
  0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80472000 \SystemRoot\system32\PSHED.dll
  0x80483000 \SystemRoot\system32\BOOTVID.dll
  0x8048B000 \SystemRoot\system32\CLFS.SYS
  0x804CC000 \SystemRoot\system32\CI.dll
  0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80693000 \SystemRoot\system32\drivers\acpi.sys
  0x806D9000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E2000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EA000 \SystemRoot\system32\drivers\pci.sys
  0x80711000 \SystemRoot\System32\drivers\partmgr.sys
  0x80720000 \SystemRoot\system32\drivers\volmgr.sys
  0x8072F000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80779000 \SystemRoot\system32\drivers\pciide.sys
  0x80780000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8078E000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8079E000 \SystemRoot\system32\drivers\atapi.sys
  0x807A6000 \SystemRoot\system32\drivers\ataport.SYS
  0x807C4000 \SystemRoot\system32\drivers\fltmgr.sys
  0x805AC000 \SystemRoot\system32\drivers\fileinfo.sys
  0x805BC000 \SystemRoot\system32\DRIVERS\Lbd.sys
  0x8220A000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8227B000 \SystemRoot\system32\drivers\ndis.sys
  0x82386000 \SystemRoot\system32\drivers\msrpc.sys
  0x823B1000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A60A000 \SystemRoot\System32\drivers\tcpip.sys
  0x8A6F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8A803000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A912000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A94B000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A953000 \SystemRoot\System32\Drivers\mup.sys
  0x8A962000 \SystemRoot\System32\drivers\ecache.sys
  0x8A989000 \SystemRoot\system32\drivers\disk.sys
  0x8A99A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A9BB000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8A9E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8A9EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8A70C000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8EE00000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8F562000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x8A71B000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F564000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F571000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8F57C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8F5BA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8F5C9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F5DB000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8A7BA000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x8A9F8000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x8A7C5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8A7D8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8A7E3000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x805CB000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8A7EE000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8A7F8000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
  0x805E5000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8A600000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8F60E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8F63C000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F67D000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F688000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F69F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8F6AA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F6CD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8F6DC000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8F6F0000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8F705000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0x8F70A000 \SystemRoot\system32\DRIVERS\tap0801.sys
  0x8F715000 \SystemRoot\system32\DRIVERS\tap0901t.sys
  0x8F720000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F730000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F732000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F75C000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0x8F799000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8F7A3000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F7B0000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8F7E4000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8F7EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x91C06000 \SystemRoot\system32\drivers\viahduaa.sys
  0x91CE3000 \SystemRoot\system32\drivers\portcls.sys
  0x91D10000 \SystemRoot\system32\drivers\drmk.sys
  0x91D35000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x91D3E000 \SystemRoot\System32\Drivers\Null.SYS
  0x91D45000 \SystemRoot\System32\Drivers\Beep.SYS
  0x91D4C000 \SystemRoot\System32\drivers\vga.sys
  0x91D58000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x91D79000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x91D81000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x91D89000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x91D94000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x91DA2000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x91DAB000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x91DC1000 \SystemRoot\system32\DRIVERS\smb.sys
  0x91E02000 \SystemRoot\system32\drivers\afd.sys
  0x91E4A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x91E7C000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x91E85000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x91E9B000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x91EA9000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x91EBC000 \SystemRoot\System32\drivers\truecrypt.sys
  0x91EF1000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x91EF7000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x91F33000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x91F3D000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x91F42000 \SystemRoot\System32\Drivers\dfsc.sys
  0x91F59000 \SystemRoot\system32\DRIVERS\avkmgr.sys
  0x91F65000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x91F8A000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x91F97000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x91FA2000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x91FAA000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x91FB4000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x996F0000 \SystemRoot\System32\win32k.sys
  0x91FB6000 \SystemRoot\System32\drivers\Dxapi.sys
  0x91FC0000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x99910000 \SystemRoot\System32\TSDDD.dll
  0x99930000 \SystemRoot\System32\cdd.dll
  0x91FCF000 \SystemRoot\system32\drivers\luafv.sys
  0x91DD5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9EE0D000 \SystemRoot\system32\drivers\spsys.sys
  0x9EEBC000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9EECC000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9EEDF000 \SystemRoot\system32\drivers\HTTP.sys
  0x9EF4A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x9EF53000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9EF70000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9EF89000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9EF9E000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9EFBE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA240E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA2447000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA245F000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA2486000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA24D2000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0xA24FE000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA2541000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xAD20C000 \SystemRoot\system32\drivers\peauth.sys
  0xAD2EA000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xAD2F4000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAD300000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xAD316000 \??\C:\Windows\system32\FsUsbExDisk.SYS
  0xAD31F000 \??\C:\Windows\system32\drivers\mbam.sys
  0xAD323000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
  0x77700000 \Windows\System32\ntdll.dll

Processes (total 89):
      0 System Idle Process
      4 SYSTEM
    416 C:\Windows\System32\smss.exe
    492 csrss.exe
    556 C:\Windows\System32\wininit.exe
    568 csrss.exe
    600 C:\Windows\System32\services.exe
    612 C:\Windows\System32\lsass.exe
    620 C:\Windows\System32\lsm.exe
    660 C:\Windows\System32\winlogon.exe
    824 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\nvvsvc.exe
    888 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    924 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\audiodg.exe
    1240 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\SLsvc.exe
    1316 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\rundll32.exe
    1468 C:\Windows\System32\svchost.exe
    1560 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    1764 C:\Windows\System32\LEXBCES.EXE
    1788 C:\Windows\System32\LEXPPS.EXE
    1856 C:\Windows\System32\spoolsv.exe
    1908 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1932 C:\Windows\System32\svchost.exe
    316 C:\Windows\System32\dwm.exe
    320 C:\Windows\System32\taskeng.exe
      12 C:\Windows\explorer.exe
    1348 C:\Windows\System32\taskeng.exe
    2296 C:\Program Files\Windows Defender\MSASCui.exe
    2312 C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
    2320 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    2340 C:\Program Files\Real\RealPlayer\Update\realsched.exe
    2392 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    2440 C:\Windows\System32\rundll32.exe
    2464 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2472 C:\Program Files\Windows Sidebar\sidebar.exe
    2480 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    2492 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2516 D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    2936 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2964 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2984 C:\Program Files\Bonjour\mDNSResponder.exe
    3020 C:\Windows\System32\FsUsbExService.Exe
    3200 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    3272 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    3288 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    3316 C:\Windows\System32\lxbccoms.exe
    3364 C:\Windows\System32\PnkBstrA.exe
    3376 C:\Windows\System32\PnkBstrB.exe
    3388 C:\Windows\System32\svchost.exe
    3448 C:\Windows\System32\svchost.exe
    3664 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    3708 C:\Windows\System32\TUProgSt.exe
    3728 D:\Program Files\Tunngle\TnglCtrl.exe
    3760 C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    3868 C:\Windows\System32\svchost.exe
    3912 C:\Windows\System32\SearchIndexer.exe
    4004 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    808 C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    2056 C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    2052 C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    1592 C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
    820 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1508 unsecapp.exe
    3840 WmiPrvSE.exe
    1292 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    1196 C:\Program Files\Google\Update\GoogleUpdate.exe
    3832 C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    2696 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    3816 C:\Program Files\Avira\AntiVir Desktop\avscan.exe
    464 C:\Program Files\Avira\AntiVir Desktop\avscan.exe
    1732 C:\Windows\System32\VSSVC.exe
    2292 C:\Windows\System32\svchost.exe
    2148 C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    916 C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    4220 C:\Windows\System32\rundll32.exe
    4228 C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    4928 D:\Program Files\Mozilla Firefox\firefox.exe
    5296 D:\Program Files\Mozilla Firefox\plugin-container.exe
    3604 C:\Windows\System32\SearchProtocolHost.exe
    5676 C:\Windows\System32\SearchFilterHost.exe
    5584 C:\Users\Kevin\Desktop\MBRCheck.exe
    5844 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`d4100000  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-13

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


Chris4You 27.02.2012 16:47

Hi,

please also run the Killer...
Since the driver was "invisible", we should also bring in GMER...

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (GMER - Rootkit Detector and Remover); there,
click the "Download EXE" button. A random file name is generated (please note it and the path where you saved the file).
Start gmer and see whether it already reports something. If it does, please answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and use Copy to paste the report into the thread. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report. If GMER crashes, please try in safe mode (F8 while booting)!

chris

Kowalski1 27.02.2012 18:28

Hi,

sorry, I completely overlooked the part about the Killer...
I chose Skip for all findings again.

Code:

18:26:29.0154 5824        TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
18:26:29.0263 5824        ============================================================
18:26:29.0263 5824        Current date / time: 2012/02/27 18:26:29.0263
18:26:29.0263 5824        SystemInfo:
18:26:29.0263 5824       
18:26:29.0263 5824        OS Version: 6.0.6001 ServicePack: 1.0
18:26:29.0263 5824        Product type: Workstation
18:26:29.0263 5824        ComputerName: KEVIN-PC
18:26:29.0263 5824        UserName: Kevin
18:26:29.0263 5824        Windows directory: C:\Windows
18:26:29.0263 5824        System windows directory: C:\Windows
18:26:29.0263 5824        Processor architecture: Intel x86
18:26:29.0263 5824        Number of processors: 4
18:26:29.0263 5824        Page size: 0x1000
18:26:29.0263 5824        Boot type: Normal boot
18:26:29.0263 5824        ============================================================
18:26:30.0417 5824        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:26:30.0417 5824        \Device\Harddisk0\DR0:
18:26:30.0433 5824        MBR used
18:26:30.0433 5824        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x186A0000
18:26:30.0433 5824        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x21CE5000
18:26:30.0542 5824        Initialize success
18:26:30.0542 5824        ============================================================
18:26:55.0611 5336        ============================================================
18:26:55.0611 5336        Scan started
18:26:55.0611 5336        Mode: Manual; SigCheck; TDLFS;
18:26:55.0611 5336        ============================================================
18:26:56.0345 5336        acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
18:26:56.0485 5336        acedrv11 - ok
18:26:56.0516 5336        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
18:26:56.0532 5336        ACPI - ok
18:26:56.0563 5336        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:26:56.0579 5336        adp94xx - ok
18:26:56.0594 5336        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:26:56.0610 5336        adpahci - ok
18:26:56.0625 5336        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:26:56.0641 5336        adpu160m - ok
18:26:56.0641 5336        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:26:56.0657 5336        adpu320 - ok
18:26:56.0688 5336        AFD            (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
18:26:56.0781 5336        AFD - ok
18:26:56.0781 5336        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:26:56.0797 5336        agp440 - ok
18:26:56.0797 5336        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:26:56.0813 5336        aic78xx - ok
18:26:56.0844 5336        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:26:56.0859 5336        aliide - ok
18:26:56.0875 5336        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:26:56.0875 5336        amdagp - ok
18:26:56.0891 5336        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:26:56.0906 5336        amdide - ok
18:26:56.0906 5336        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:26:56.0953 5336        AmdK7 - ok
18:26:56.0953 5336        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:26:56.0984 5336        AmdK8 - ok
18:26:57.0047 5336        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:26:57.0047 5336        arc - ok
18:26:57.0062 5336        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:26:57.0062 5336        arcsas - ok
18:26:57.0078 5336        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:26:57.0109 5336        AsyncMac - ok
18:26:57.0140 5336        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
18:26:57.0140 5336        atapi - ok
18:26:57.0171 5336        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
18:26:57.0187 5336        atksgt - ok
18:26:57.0218 5336        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:26:57.0234 5336        avgntflt - ok
18:26:57.0249 5336        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
18:26:57.0249 5336        avipbb - ok
18:26:57.0281 5336        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:26:57.0281 5336        avkmgr - ok
18:26:57.0296 5336        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:26:57.0359 5336        Beep - ok
18:26:57.0374 5336        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:26:57.0421 5336        blbdrive - ok
18:26:57.0437 5336        bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
18:26:57.0468 5336        bowser - ok
18:26:57.0483 5336        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:26:57.0530 5336        BrFiltLo - ok
18:26:57.0530 5336        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:26:57.0561 5336        BrFiltUp - ok
18:26:57.0593 5336        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:26:57.0717 5336        Brserid - ok
18:26:57.0733 5336        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:26:57.0780 5336        BrSerWdm - ok
18:26:57.0795 5336        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:26:57.0842 5336        BrUsbMdm - ok
18:26:57.0858 5336        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:26:57.0905 5336        BrUsbSer - ok
18:26:57.0920 5336        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:26:57.0967 5336        BTHMODEM - ok
18:26:57.0983 5336        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:26:57.0998 5336        cdfs - ok
18:26:58.0029 5336        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
18:26:58.0045 5336        cdrom - ok
18:26:58.0076 5336        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:26:58.0107 5336        circlass - ok
18:26:58.0123 5336        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
18:26:58.0139 5336        CLFS - ok
18:26:58.0154 5336        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:26:58.0170 5336        cmdide - ok
18:26:58.0170 5336        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
18:26:58.0185 5336        Compbatt - ok
18:26:58.0201 5336        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:26:58.0217 5336        crcdisk - ok
18:26:58.0232 5336        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:26:58.0248 5336        Crusoe - ok
18:26:58.0279 5336        DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
18:26:58.0310 5336        DfsC - ok
18:26:58.0310 5336        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
18:26:58.0326 5336        disk - ok
18:26:58.0357 5336        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:26:58.0388 5336        drmkaud - ok
18:26:58.0419 5336        dtsoftbus01    (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:26:58.0419 5336        dtsoftbus01 - ok
18:26:58.0451 5336        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
18:26:58.0497 5336        DXGKrnl - ok
18:26:58.0529 5336        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:26:58.0560 5336        E1G60 - ok
18:26:58.0575 5336        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
18:26:58.0591 5336        Ecache - ok
18:26:58.0622 5336        ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
18:26:58.0638 5336        ElbyCDFL - ok
18:26:58.0653 5336        ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
18:26:58.0669 5336        ElbyCDIO - ok
18:26:58.0685 5336        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:26:58.0700 5336        elxstor - ok
18:26:58.0731 5336        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:26:58.0763 5336        ErrDev - ok
18:26:58.0794 5336        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
18:26:58.0856 5336        exfat - ok
18:26:58.0887 5336        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
18:26:58.0950 5336        fastfat - ok
18:26:58.0981 5336        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:26:59.0012 5336        fdc - ok
18:26:59.0028 5336        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:26:59.0028 5336        FileInfo - ok
18:26:59.0059 5336        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:26:59.0090 5336        Filetrace - ok
18:26:59.0106 5336        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:26:59.0153 5336        flpydisk - ok
18:26:59.0168 5336        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
18:26:59.0184 5336        FltMgr - ok
18:26:59.0231 5336        FsUsbExDisk    (10398b515653442a5b89fdf6a1d06180) C:\Windows\system32\FsUsbExDisk.SYS
18:26:59.0246 5336        FsUsbExDisk - ok
18:26:59.0246 5336        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:26:59.0293 5336        Fs_Rec - ok
18:26:59.0309 5336        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:26:59.0324 5336        gagp30kx - ok
18:26:59.0340 5336        GEARAspiWDM    (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:26:59.0340 5336        GEARAspiWDM - ok
18:26:59.0387 5336        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
18:26:59.0387 5336        hamachi - ok
18:26:59.0418 5336        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:26:59.0465 5336        HdAudAddService - ok
18:26:59.0480 5336        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:26:59.0511 5336        HDAudBus - ok
18:26:59.0527 5336        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:26:59.0574 5336        HidBth - ok
18:26:59.0621 5336        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:26:59.0683 5336        HidIr - ok
18:26:59.0730 5336        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
18:26:59.0761 5336        HidUsb - ok
18:26:59.0777 5336        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:26:59.0792 5336        HpCISSs - ok
18:26:59.0823 5336        HTTP            (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
18:26:59.0870 5336        HTTP - ok
18:26:59.0886 5336        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:26:59.0901 5336        i2omp - ok
18:26:59.0901 5336        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:26:59.0933 5336        i8042prt - ok
18:26:59.0948 5336        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:26:59.0964 5336        iaStorV - ok
18:26:59.0979 5336        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:26:59.0995 5336        iirsp - ok
18:27:00.0011 5336        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:27:00.0026 5336        intelide - ok
18:27:00.0042 5336        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:27:00.0073 5336        intelppm - ok
18:27:00.0089 5336        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:27:00.0120 5336        IpFilterDriver - ok
18:27:00.0120 5336        IpInIp - ok
18:27:00.0167 5336        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:27:00.0198 5336        IPMIDRV - ok
18:27:00.0229 5336        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:27:00.0260 5336        IPNAT - ok
18:27:00.0276 5336        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:27:00.0307 5336        IRENUM - ok
18:27:00.0323 5336        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:27:00.0338 5336        isapnp - ok
18:27:00.0369 5336        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
18:27:00.0385 5336        iScsiPrt - ok
18:27:00.0401 5336        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:27:00.0416 5336        iteatapi - ok
18:27:00.0432 5336        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:27:00.0432 5336        iteraid - ok
18:27:00.0463 5336        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:27:00.0463 5336        kbdclass - ok
18:27:00.0479 5336        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:27:00.0494 5336        kbdhid - ok
18:27:00.0525 5336        KSecDD          (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
18:27:00.0541 5336        KSecDD - ok
18:27:00.0650 5336        Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
18:27:00.0666 5336        Lavasoft Kernexplorer - ok
18:27:00.0681 5336        Lbd            (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
18:27:00.0681 5336        Lbd - ok
18:27:00.0713 5336        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
18:27:00.0728 5336        lirsgt - ok
18:27:00.0744 5336        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:27:00.0775 5336        lltdio - ok
18:27:00.0806 5336        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:27:00.0822 5336        LSI_FC - ok
18:27:00.0837 5336        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:27:00.0853 5336        LSI_SAS - ok
18:27:00.0869 5336        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:27:00.0884 5336        LSI_SCSI - ok
18:27:00.0884 5336        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:27:00.0915 5336        luafv - ok
18:27:00.0962 5336        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:27:00.0978 5336        MBAMProtector - ok
18:27:00.0993 5336        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:27:01.0009 5336        megasas - ok
18:27:01.0025 5336        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:27:01.0040 5336        MegaSR - ok
18:27:01.0071 5336        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:27:01.0087 5336        Modem - ok
18:27:01.0118 5336        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:27:01.0165 5336        monitor - ok
18:27:01.0290 5336        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:27:01.0290 5336        mouclass - ok
18:27:01.0337 5336        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
18:27:01.0368 5336        mouhid - ok
18:27:01.0383 5336        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:27:01.0383 5336        MountMgr - ok
18:27:01.0415 5336        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:27:01.0415 5336        mpio - ok
18:27:01.0446 5336        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:27:01.0477 5336        mpsdrv - ok
18:27:01.0508 5336        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:27:01.0524 5336        Mraid35x - ok
18:27:01.0539 5336        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
18:27:01.0586 5336        MRxDAV - ok
18:27:01.0602 5336        mrxsmb          (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:27:01.0633 5336        mrxsmb - ok
18:27:01.0664 5336        mrxsmb10        (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:27:01.0727 5336        mrxsmb10 - ok
18:27:01.0727 5336        mrxsmb20        (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:27:01.0758 5336        mrxsmb20 - ok
18:27:01.0789 5336        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:27:01.0789 5336        msahci - ok
18:27:01.0820 5336        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:27:01.0820 5336        msdsm - ok
18:27:01.0836 5336        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:27:01.0883 5336        Msfs - ok
18:27:01.0883 5336        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:27:01.0898 5336        msisadrv - ok
18:27:01.0914 5336        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:27:01.0945 5336        MSKSSRV - ok
18:27:01.0976 5336        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:27:02.0007 5336        MSPCLOCK - ok
18:27:02.0023 5336        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:27:02.0039 5336        MSPQM - ok
18:27:02.0054 5336        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
18:27:02.0070 5336        MsRPC - ok
18:27:02.0085 5336        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:27:02.0101 5336        mssmbios - ok
18:27:02.0117 5336        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:27:02.0163 5336        MSTEE - ok
18:27:02.0195 5336        MTsensor        (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
18:27:02.0226 5336        MTsensor - ok
18:27:02.0257 5336        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
18:27:02.0257 5336        Mup - ok
18:27:02.0288 5336        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
18:27:02.0319 5336        NativeWifiP - ok
18:27:02.0366 5336        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
18:27:02.0382 5336        NDIS - ok
18:27:02.0397 5336        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:27:02.0429 5336        NdisTapi - ok
18:27:02.0444 5336        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:27:02.0475 5336        Ndisuio - ok
18:27:02.0491 5336        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
18:27:02.0507 5336        NdisWan - ok
18:27:02.0522 5336        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:27:02.0569 5336        NDProxy - ok
18:27:02.0585 5336        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:27:02.0616 5336        NetBIOS - ok
18:27:02.0647 5336        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
18:27:02.0694 5336        netbt - ok
18:27:02.0709 5336        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:27:02.0725 5336        nfrd960 - ok
18:27:02.0741 5336        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
18:27:02.0772 5336        Npfs - ok
18:27:02.0803 5336        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:27:02.0834 5336        nsiproxy - ok
18:27:02.0865 5336        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
18:27:02.0912 5336        Ntfs - ok
18:27:02.0928 5336        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:27:03.0068 5336        ntrigdigi - ok
18:27:03.0084 5336        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:27:03.0115 5336        Null - ok
18:27:03.0365 5336        nvlddmkm        (0013f8cf1322487fb247eae56ef0ed90) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:27:03.0614 5336        nvlddmkm - ok
18:27:03.0630 5336        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:27:03.0645 5336        nvraid - ok
18:27:03.0661 5336        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:27:03.0677 5336        nvstor - ok
18:27:03.0692 5336        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:27:03.0708 5336        nv_agp - ok
18:27:03.0708 5336        NwlnkFlt - ok
18:27:03.0723 5336        NwlnkFwd - ok
18:27:03.0739 5336        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:27:03.0786 5336        ohci1394 - ok
18:27:03.0817 5336        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:27:03.0879 5336        Parport - ok
18:27:03.0895 5336        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
18:27:03.0895 5336        partmgr - ok
18:27:03.0911 5336        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:27:03.0973 5336        Parvdm - ok
18:27:03.0989 5336        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
18:27:04.0004 5336        pci - ok
18:27:04.0020 5336        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:27:04.0035 5336        pciide - ok
18:27:04.0051 5336        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:27:04.0067 5336        pcmcia - ok
18:27:04.0113 5336        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:27:04.0176 5336        PEAUTH - ok
18:27:04.0238 5336        PnkBstrK        (db7f8840c92865ca6f3d2db063a5b999) C:\Windows\system32\drivers\PnkBstrK.sys
18:27:04.0238 5336        PnkBstrK - ok
18:27:04.0269 5336        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:27:04.0316 5336        PptpMiniport - ok
18:27:04.0316 5336        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:27:04.0347 5336        Processor - ok
18:27:04.0394 5336        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
18:27:04.0441 5336        PSched - ok
18:27:04.0472 5336        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:27:04.0503 5336        ql2300 - ok
18:27:04.0535 5336        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:27:04.0535 5336        ql40xx - ok
18:27:04.0566 5336        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:27:04.0581 5336        QWAVEdrv - ok
18:27:04.0597 5336        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:27:04.0628 5336        RasAcd - ok
18:27:04.0644 5336        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:27:04.0659 5336        Rasl2tp - ok
18:27:04.0675 5336        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
18:27:04.0706 5336        RasPppoe - ok
18:27:04.0737 5336        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
18:27:04.0753 5336        RasSstp - ok
18:27:04.0784 5336        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
18:27:04.0800 5336        rdbss - ok
18:27:04.0815 5336        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:27:04.0831 5336        RDPCDD - ok
18:27:04.0862 5336        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:27:04.0893 5336        rdpdr - ok
18:27:04.0893 5336        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:27:04.0925 5336        RDPENCDD - ok
18:27:04.0956 5336        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
18:27:05.0018 5336        RDPWD - ok
18:27:05.0049 5336        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:27:05.0081 5336        rspndr - ok
18:27:05.0112 5336        RTL8169        (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:27:05.0159 5336        RTL8169 - ok
18:27:05.0174 5336        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:27:05.0190 5336        sbp2port - ok
18:27:05.0205 5336        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:27:05.0268 5336        secdrv - ok
18:27:05.0283 5336        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
18:27:05.0330 5336        Serenum - ok
18:27:05.0346 5336        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
18:27:05.0377 5336        Serial - ok
18:27:05.0393 5336        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:27:05.0424 5336        sermouse - ok
18:27:05.0439 5336        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:27:05.0471 5336        sffdisk - ok
18:27:05.0486 5336        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:27:05.0517 5336        sffp_mmc - ok
18:27:05.0533 5336        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:27:05.0564 5336        sffp_sd - ok
18:27:05.0580 5336        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:27:05.0642 5336        sfloppy - ok
18:27:05.0689 5336        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:27:05.0705 5336        sisagp - ok
18:27:05.0720 5336        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:27:05.0736 5336        SiSRaid2 - ok
18:27:05.0751 5336        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:27:05.0751 5336        SiSRaid4 - ok
18:27:05.0783 5336        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
18:27:05.0814 5336        Smb - ok
18:27:05.0829 5336        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:27:05.0845 5336        spldr - ok
18:27:05.0861 5336        sptd - ok
18:27:05.0892 5336        srv            (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
18:27:05.0939 5336        srv - ok
18:27:05.0954 5336        srv2            (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
18:27:05.0970 5336        srv2 - ok
18:27:05.0985 5336        srvnet          (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
18:27:06.0017 5336        srvnet - ok
18:27:06.0032 5336        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:27:06.0048 5336        ssmdrv - ok
18:27:06.0079 5336        ss_bbus        (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys
18:27:06.0079 5336        ss_bbus - ok
18:27:06.0126 5336        ss_bmdfl        (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
18:27:06.0126 5336        ss_bmdfl - ok
18:27:06.0141 5336        ss_bmdm        (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys
18:27:06.0157 5336        ss_bmdm - ok
18:27:06.0173 5336        ss_bserd        (994d2e5378cc337ec7dd73c1e04fcaa4) C:\Windows\system32\DRIVERS\ss_bserd.sys
18:27:06.0188 5336        ss_bserd - ok
18:27:06.0204 5336        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:27:06.0219 5336        swenum - ok
18:27:06.0251 5336        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:27:06.0251 5336        Symc8xx - ok
18:27:06.0266 5336        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:27:06.0282 5336        Sym_hi - ok
18:27:06.0297 5336        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:27:06.0313 5336        Sym_u3 - ok
18:27:06.0344 5336        tap0801        (0c82061920a2de35d33c2c2bb83b1e98) C:\Windows\system32\DRIVERS\tap0801.sys
18:27:06.0360 5336        tap0801 ( UnsignedFile.Multi.Generic ) - warning
18:27:06.0360 5336        tap0801 - detected UnsignedFile.Multi.Generic (1)
18:27:06.0407 5336        tap0901t        (b7aee68d2e867cbf69b649b18fcedbbb) C:\Windows\system32\DRIVERS\tap0901t.sys
18:27:06.0438 5336        tap0901t ( UnsignedFile.Multi.Generic ) - warning
18:27:06.0438 5336        tap0901t - detected UnsignedFile.Multi.Generic (1)
18:27:06.0485 5336        Tcpip          (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
18:27:06.0531 5336        Tcpip - ok
18:27:06.0563 5336        Tcpip6          (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
18:27:06.0594 5336        Tcpip6 - ok
18:27:06.0641 5336        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
18:27:06.0672 5336        tcpipreg - ok
18:27:06.0703 5336        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:27:06.0734 5336        TDPIPE - ok
18:27:06.0765 5336        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:27:06.0781 5336        TDTCP - ok
18:27:06.0843 5336        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
18:27:06.0875 5336        tdx - ok
18:27:06.0921 5336        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
18:27:06.0921 5336        TermDD - ok
18:27:06.0953 5336        truecrypt      (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
18:27:06.0968 5336        truecrypt - ok
18:27:06.0984 5336        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:27:07.0015 5336        tssecsrv - ok
18:27:07.0046 5336        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:27:07.0077 5336        tunmp - ok
18:27:07.0093 5336        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
18:27:07.0124 5336        tunnel - ok
18:27:07.0140 5336        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:27:07.0155 5336        uagp35 - ok
18:27:07.0187 5336        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
18:27:07.0202 5336        udfs - ok
18:27:07.0233 5336        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:27:07.0233 5336        uliagpkx - ok
18:27:07.0265 5336        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:27:07.0280 5336        uliahci - ok
18:27:07.0296 5336        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:27:07.0311 5336        UlSata - ok
18:27:07.0327 5336        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:27:07.0343 5336        ulsata2 - ok
18:27:07.0343 5336        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:27:07.0374 5336        umbus - ok
18:27:07.0452 5336        UnlockerDriver5 (4847639d852763ee39415c929470f672) D:\Program Files\Unlocker\UnlockerDriver5.sys
18:27:07.0467 5336        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
18:27:07.0467 5336        UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
18:27:07.0483 5336        usbccgp        (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
18:27:07.0545 5336        usbccgp - ok
18:27:07.0561 5336        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:27:07.0608 5336        usbcir - ok
18:27:07.0623 5336        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
18:27:07.0639 5336        usbehci - ok
18:27:07.0670 5336        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
18:27:07.0686 5336        usbhub - ok
18:27:07.0701 5336        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:27:07.0748 5336        usbohci - ok
18:27:07.0764 5336        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:27:07.0795 5336        usbprint - ok
18:27:07.0826 5336        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:27:07.0857 5336        USBSTOR - ok
18:27:07.0889 5336        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:27:07.0904 5336        usbuhci - ok
18:27:07.0920 5336        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:27:07.0951 5336        vga - ok
18:27:07.0982 5336        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:27:08.0013 5336        VgaSave - ok
18:27:08.0029 5336        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:27:08.0045 5336        viaagp - ok
18:27:08.0060 5336        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:27:08.0091 5336        ViaC7 - ok
18:27:08.0123 5336        VIAHdAudAddService (dbac5431300999968f01772c4162459b) C:\Windows\system32\drivers\viahduaa.sys
18:27:08.0185 5336        VIAHdAudAddService - ok
18:27:08.0201 5336        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:27:08.0201 5336        viaide - ok
18:27:08.0216 5336        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:27:08.0216 5336        volmgr - ok
18:27:08.0247 5336        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
18:27:08.0263 5336        volmgrx - ok
18:27:08.0263 5336        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
18:27:08.0279 5336        volsnap - ok
18:27:08.0294 5336        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:27:08.0310 5336        vsmraid - ok
18:27:08.0341 5336        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:27:08.0388 5336        WacomPen - ok
18:27:08.0403 5336        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:27:08.0435 5336        Wanarp - ok
18:27:08.0435 5336        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:27:08.0450 5336        Wanarpv6 - ok
18:27:08.0481 5336        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:27:08.0497 5336        Wd - ok
18:27:08.0528 5336        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:27:08.0544 5336        Wdf01000 - ok
18:27:08.0591 5336        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:27:08.0622 5336        WmiAcpi - ok
18:27:08.0669 5336        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
18:27:08.0700 5336        WpdUsb - ok
18:27:08.0715 5336        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:27:08.0747 5336        ws2ifsl - ok
18:27:08.0778 5336        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:27:08.0793 5336        WUDFRd - ok
18:27:08.0825 5336        xusb21          (09e5340bd9b2cb730bf4dc6be7721291) C:\Windows\system32\DRIVERS\xusb21.sys
18:27:08.0840 5336        xusb21 - ok
18:27:08.0856 5336        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:27:08.0949 5336        \Device\Harddisk0\DR0 - ok
18:27:08.0949 5336        Boot (0x1200)  (3ff2536bbf76f6bf2f12a49c28aeddb5) \Device\Harddisk0\DR0\Partition0
18:27:08.0949 5336        \Device\Harddisk0\DR0\Partition0 - ok
18:27:08.0981 5336        Boot (0x1200)  (fc63592dad1cf7caa0aa2295b766e5e7) \Device\Harddisk0\DR0\Partition1
18:27:08.0981 5336        \Device\Harddisk0\DR0\Partition1 - ok
18:27:08.0981 5336        ============================================================
18:27:08.0981 5336        Scan finished
18:27:08.0981 5336        ============================================================
18:27:08.0996 3744        Detected object count: 3
18:27:08.0996 3744        Actual detected object count: 3
18:27:36.0062 3744        tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:36.0062 3744        tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:36.0062 3744        tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:36.0062 3744        tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:36.0062 3744        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:36.0062 3744        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

I will run Gmer later.
Thanks a lot in advance for everything :)

Chris4You 28.02.2012 07:32

Hi,

looks OK so far (we already covered the "Virtual Network Drive" entries, and unlocker too)...

I'm interested in the invisible driver, so please pack all files in the folder
C:\_OTL\MovedFiles\ and then upload them as follows:
Upload file:
http://www.trojaner-board.de/54791-a...ner-board.html
Follow the instructions there and upload the file:
Code:

-> packed file from C:\_OTL\MovedFiles\

chris

Kowalski1 29.02.2012 18:13

Done :)

Chris4You 29.02.2012 19:57

Hi,

Thanks, I'll look at it tomorrow...

chris

Kowalski1 04.03.2012 17:13

Quote:

Quote from Chris4You (post 782874)
Hi,

Thanks, I'll look at it tomorrow...

chris

Have you had time to look through it yet?

Chris4You 04.03.2012 21:11

Hi,

please post a new OTL log again; the invisible driver wasn't in there...

chris

Kowalski1 05.03.2012 13:36

Please note O1 - Hosts

OTL Logfile:
Code:

OTL logfile created on: 05.03.2012 13:29:54 - Run 6
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 50,63% Memory free
10,99 Gb Paging File | 9,33 Gb Available in Paging File | 84,95% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 58,71 Gb Free Space | 30,06% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 21,18 Gb Free Space | 7,83% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxbccoms.exe ( )
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko10.dll ()
MOD - D:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
MOD - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (postgresql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (TunngleService) -- D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (DAUpdaterSvc) -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( )
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - SOFTWARE\Classes\CLSID\\LocalServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wieistmeineip.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f.2: C:\Program Files\Dyyno\Dyyno Player\npvlc.dll (Dyyno)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.30 19:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.02.24 12:40:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.24 12:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.24 12:38:08 | 000,000,000 | ---D | M]
 
[2009.01.23 17:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2012.03.01 21:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions
[2012.02.24 12:55:28 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012.02.24 12:41:16 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.26 18:52:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.24 12:57:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.23 10:42:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.01 21:17:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.14 18:45:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\moveplayer@movenetworks.com
[2009.04.20 14:36:41 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\NPDyyno@dyyno.com
[2010.10.20 19:48:50 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\vshare@toolbar
[2010.01.23 12:35:03 | 000,002,321 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\dictcc.xml
[2009.06.15 20:46:47 | 000,002,030 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\myvideo-suche-.xml
[2009.07.11 11:04:46 | 000,000,727 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\phpnet.xml
[2009.01.23 18:10:53 | 000,002,108 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\youtube-videosuche.xml
[2012.02.22 12:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.29 12:33:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.16 22:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.16 13:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1J5N9NVP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.24 12:38:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.24 12:38:07 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.24 12:38:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.24 12:38:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.24 12:38:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Dyyno Player Plugin (Enabled) = C:\Program Files\Dyyno\Dyyno Player\npvlc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2012.03.02 11:43:29 | 000,440,655 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:  There were masses of Asian characters here; I deleted them because otherwise the file would have been too large to post...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll ( )
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DE9F9EF-8DB8-41C2-8A1F-AF77E3B8D7FB}: NameServer = 195.50.140.246 195.50.140.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E65DDC-D557-4A3C-93DC-0488FAD00A79}: DhcpNameServer = 92.241.168.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell - "" = AutoRun
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell - "" = AutoRun
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell\AutoRun\command - "" = H:\steambackup2.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.26 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\MAGIX Downloads
[2012.02.26 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\MAGIX
[2012.02.26 15:01:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_MX_Download-Version
[2012.02.26 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.02.26 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2012.02.26 15:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.02.26 15:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.02.26 15:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.02.16 19:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\tdsskiller
[2012.02.15 20:12:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.14 19:12:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2012.02.14 19:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.14 19:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.14 19:11:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.14 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.14 17:58:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012.02.13 17:59:32 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Avira
[2012.02.13 17:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.13 17:58:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.13 17:58:04 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 17:58:04 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.13 17:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.13 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2009.01.29 19:28:27 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll
[2009.01.26 14:40:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2009.01.26 14:40:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2009.01.26 14:40:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2009.01.26 14:40:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2009.01.26 14:40:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2009.01.26 14:40:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2009.01.26 14:40:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe
[2009.01.26 14:40:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2009.01.26 14:40:49 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2009.01.26 14:40:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe
[2009.01.26 14:40:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe
[2009.01.26 14:40:49 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2009.01.26 14:40:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2009.01.26 14:40:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.05 13:31:46 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.05 13:07:13 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.05 13:07:13 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.05 13:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.05 13:06:15 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.04 22:59:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.03.03 16:02:23 | 000,026,794 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2012.03.03 15:54:54 | 000,002,623 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Word.lnk
[2012.03.02 11:43:29 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.01 21:17:04 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.03.01 21:17:04 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.02.29 13:23:32 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120302-114328.backup
[2012.02.27 18:25:12 | 002,044,186 | ---- | M] () -- C:\Users\Kevin\Desktop\tdsskiller.zip
[2012.02.27 15:22:41 | 000,000,404 | ---- | M] () -- C:\Windows\LEXSTAT.INI
[2012.02.27 11:27:26 | 000,367,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.25 14:41:55 | 000,440,595 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120229-132332.backup
[2012.02.25 14:41:43 | 000,440,595 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120225-144155.backup
[2012.02.24 21:14:42 | 000,898,802 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120225-144143.backup
[2012.02.23 18:16:42 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.18 14:38:07 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120221-170012.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-185148.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-185117.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-184832.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120221-194836.backup
[2012.02.18 14:37:58 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143807.backup
[2012.02.14 19:11:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.14 17:58:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012.02.13 17:58:20 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 21:16:46 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120216-200440.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143758.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143711.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120217-085149.backup
[2012.02.08 19:32:27 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120211-211646.backup
[2012.02.07 14:30:18 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120208-193227.backup
[2012.02.05 18:52:43 | 000,449,210 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120207-143018.backup
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.27 18:25:05 | 002,044,186 | ---- | C] () -- C:\Users\Kevin\Desktop\tdsskiller.zip
[2012.02.23 18:11:44 | 3488,735,232 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.14 19:11:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 17:58:20 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.15 05:39:42 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.01 18:35:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.12 22:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.06.01 13:45:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.06.01 13:45:52 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.05.26 20:17:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.26 20:17:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.12 20:46:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.01.13 18:18:15 | 000,000,365 | ---- | C] () -- C:\Users\Kevin\AppData\Local\postgresinstall.bat
[2011.01.04 15:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 15:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 15:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 15:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 15:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010.05.26 19:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.04.28 20:31:06 | 000,000,068 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.05 18:47:36 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.02.27 13:08:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.23 16:13:27 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.01.27 20:46:45 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.29 12:32:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.23 20:40:51 | 000,000,762 | ---- | C] () -- C:\Windows\Edofma.INI
[2009.08.28 13:25:32 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.23 19:20:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.05.29 17:36:24 | 000,086,250 | ---- | C] () -- C:\Windows\wininit.ini
[2009.05.27 17:23:04 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2009.05.12 12:32:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.03.22 21:18:35 | 000,134,989 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.03.15 19:22:50 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.29 20:02:15 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat
[2009.01.29 19:28:29 | 000,000,386 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Current.prx
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2009.01.26 14:40:49 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2009.01.26 11:19:30 | 000,026,794 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2009.01.26 11:15:43 | 000,001,187 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.26 10:43:49 | 000,000,404 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2009.01.25 18:14:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.01.25 18:14:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.01.23 17:21:26 | 000,154,624 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.23 17:10:00 | 000,138,056 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys
[2009.01.23 17:09:45 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.01.23 17:09:43 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.01.23 17:09:43 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.23 15:28:26 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.23 15:28:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.23 15:04:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.01.23 15:04:23 | 000,026,082 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.01.23 15:03:13 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2008.01.21 08:15:58 | 000,699,116 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,156,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,367,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,655,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,128,292 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.25 14:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[1999.01.22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL

< End of report >

--- --- ---

Kowalski1 05.03.2012 13:38

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 05.03.2012 13:29:54 - Run 6
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 50,63% Memory free
10,99 Gb Paging File | 9,33 Gb Available in Paging File | 84,95% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 58,71 Gb Free Space | 30,06% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 21,18 Gb Free Space | 7,83% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BC15B64-C369-496B-A7D8-CFFFC4738F54}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93D28C7D-657A-4A6C-9A39-E8811B331A93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9B414A25-7921-4077-8A59-B68AA7302B3D}" = lport=6112 | protocol=6 | dir=in | name=6112 |
"{A380219C-62BF-43B3-A6B1-09D5BDF70280}" = lport=1338 | protocol=6 | dir=in | name=1338 |
"{AC91602A-E785-452B-8567-15E5539F3047}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C6D9711C-F8FC-4968-B369-15E51F4CA809}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{C84A652A-8EBA-4CB9-99A5-A971B83D8A81}" = lport=6112 | protocol=17 | dir=in | name=6112 |
"{DFEAD0CC-CDB7-455C-9249-93B9580096CA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{FDFCFF18-B31E-40CD-BD14-B5E380366C3A}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02260DC9-E8BB-4709-AE40-AC121E1B75C4}" = protocol=6 | dir=in | app=d:\program files\tunngle\tunngle.exe |
"{050717F2-A386-453C-9E2F-3E820C983899}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{0B15D919-5D5E-44A1-87D3-A138A09B8863}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
"{0CE501C0-FDCF-4D73-B12C-314C4B52CC81}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{102B6718-FC6C-417E-9224-A7EB457B3B58}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{10FAA7ED-BF56-49A0-9FE0-9B82B277744C}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{13EDE2F6-A665-4156-AF37-9447DE82A910}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe |
"{1711F7DC-8DB9-4F7A-8479-F04A13225919}" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe |
"{1B2A3F2F-1146-4727-97EA-2CCF7BD51B64}" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{2292A04C-B868-459D-B9FC-C131350CA1ED}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{23CEBD8A-3C1D-4B0E-882C-A4FCF90AB311}" = protocol=17 | dir=in | app=d:\program files\origin games\fifa 12\game\fifa.exe |
"{2424D9BB-DF60-4D8F-AE13-BC1FCB900C72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B8C018F-B057-4F7A-85A4-3ECF943216F9}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{3235C9BD-E643-4991-A705-710F9EA4A2D1}" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{3518C955-624F-496D-B0BA-B30391ADAA38}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{3630A9D1-6A51-4B39-BEC9-4D15CCD4DDC0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{36C40B64-DA14-4D51-8CCC-9BBDCAFA559D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39E71065-55BB-4394-BA3A-EF8F1A446F4A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{3A483245-06E6-43D5-8775-CE3D6B3036F7}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\empire total war\empire.exe |
"{3DA9F65D-0F1B-4AC4-93FF-931F8E04C48C}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{3E262613-34F5-40BC-9945-DD865C30B995}" = protocol=17 | dir=in | app=d:\program files\guild wars\gw.exe |
"{3EC05ED4-1271-4608-A9C0-5553C6A9AFD5}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{435BA85B-268F-4C94-9075-CEF504A1F201}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4A6297F7-5AAB-451F-AB63-6DCDC1EBEE4A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{4C9FDD42-5D44-4FC3-8E72-410A9266A9A5}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\holdemmanager.exe |
"{4E48D4A7-54F5-4CB8-BCE4-D3D267E2B647}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{538A5A86-8353-45C0-ACAC-0C5A64CDE326}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{563115A1-0AB3-403A-A358-8CC8169C7C92}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{64526B2B-07FE-4CB9-995A-EC99BD56CEC4}" = protocol=6 | dir=in | app=d:\program files\origin games\fifa 12\game\fifa.exe |
"{67992397-B7F7-48C9-AFB8-4D2413AED5C2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{68D0A40B-8F8C-450C-AFB0-108EFC58CA95}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{690B9E13-F0F1-4C73-BE7F-F9D7DE3AB7D9}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe |
"{6A07AFBB-4BCF-4EA3-B508-52A3610868DC}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{6B061DED-E945-4814-B47A-FC9F738527B4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{6D04846C-3871-404E-8733-DD022C80F67F}" = protocol=17 | dir=in | app=d:\program files\tunngle\tunngle.exe |
"{723E5170-3CBE-40B8-8F55-7AD9AC5820A3}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe |
"{72B0DB13-159F-4B56-BE61-0FAC797EB6FF}" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{750974CD-2435-4972-ADF3-F528CBC8235B}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{76DAFFCF-C701-4127-A0F9-BB5BA3FD1BB1}" = protocol=17 | dir=in | app=d:\program files\jdownloader\jdownloader.exe |
"{790146CC-0E13-491D-B8B4-BBB41C56F905}" = protocol=17 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe |
"{816D2944-2DDC-4CA2-82B1-FD5A19CBECB7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{82D89747-9AB8-4AE0-9EF0-BC90C1F3AD2B}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe |
"{8395DC00-59CF-451E-98B3-AA3B56F4BFE8}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{84ECAE31-FC9E-4C68-8E94-D26484B812F5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{878CF526-CDEE-4F0B-9B48-3A33B6456523}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
"{88779E37-82FB-4FF0-B070-B60C5C67BB61}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{89D5CA6B-C59E-421F-B29A-C3139E64C405}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{8D9080F5-CBB9-4D78-9741-EB29E4137EC8}" = protocol=17 | dir=in | app=d:\program files\tunngle\tnglctrl.exe |
"{8DD8DE8D-5C60-431F-94A2-2085321DF1A0}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{8E10E4F2-102D-4313-A0C2-49FC0F8A9780}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{8F352AF1-718E-478D-A562-B315AF975D36}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\dbcontrolpanel.exe |
"{9066254F-CA05-4EAD-A4F2-C51E4E680FB5}" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{90EE8DC0-423B-4889-8746-4EAA937158D5}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{91371408-6EF0-4D66-BA1A-CE2273A4C934}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{954EADF2-6428-4413-BDAA-9B642E192696}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{98A92B9B-2335-41B4-95F7-07262B5991EF}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\holdemmanager.exe |
"{9C32CA59-2829-4D89-9165-B97478D864BF}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{A2A87C3B-F9F4-4756-AD7E-E9AF4FC1330B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{A3D2E1C9-2EEE-4A9C-AA5F-070D9DF59537}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{B10D5103-085B-4117-9133-F70B2C643F75}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B2DF138E-9D08-481D-A35C-3DF328E167AD}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{B2E8F5FC-C809-4468-89C7-7BC5F4A98AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3740786-CCE7-4F72-94A8-2144178CE1DC}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{B5F30A51-1A31-4C51-BA5B-81D57F176B3A}" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe |
"{B9BA56B4-9973-4FCE-BB3F-FE3BA14D123E}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{C2C7D9BA-F032-4721-BE08-FC5CC192779B}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{C3FCFC0F-6786-4BCD-8E90-7FAC5F771B8E}" = protocol=6 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe |
"{C6EE227B-D4C8-447A-9839-F4180B9B47B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9227D88-0738-4AAF-8B83-FC1EC143C487}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{CC4BBF49-1B60-442E-89A9-B06A529E79EF}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{CF275D39-5B34-4F54-9AAC-E67D11014EF2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{D0A342DE-47F0-40E5-9DDC-26A00D484ADE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D0FF87E1-C68C-4DD2-B2D0-94E4CFC3FF1C}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D155E9CF-FB09-493B-A41C-49B03EC8F8DB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{D7C61099-0E88-4FC1-A2A7-BBD4B33A57D9}" = protocol=6 | dir=in | app=d:\program files\tunngle\tnglctrl.exe |
"{DA2244EA-B8AF-4632-9ED7-17EDC40614BC}" = protocol=6 | dir=in | app=d:\program files\jdownloader\jdownloader.exe |
"{DEF5CCD5-D345-4C7B-9B5E-7204566625EC}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{E013AFFF-F7CB-4D5B-AFDC-7A867571087C}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\empire total war\empire.exe |
"{E07CD312-6F7C-45E7-BA3B-DCCF6DDC235E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0C4163B-AFA6-4B91-A36D-BA5A74848E85}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe |
"{E1694F0D-443C-4AF3-B632-53A516E6E2D6}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\hmhud.exe |
"{E2A90B3E-2D2F-4451-98BD-3965C1E50BE7}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\dbcontrolpanel.exe |
"{E2D38A28-619B-4834-AF19-44745E421847}" = protocol=6 | dir=in | app=d:\program files\guild wars\gw.exe |
"{E3419925-96B7-4252-8A83-793EC1FC6CCF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{E9B24E58-D222-416D-9A21-7000279F0571}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{EE8BC520-C3F9-4AD8-B582-718CB0F6D022}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F322ECEA-F096-411A-949E-5C828DD2E3E5}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\hmhud.exe |
"{F32BC7EA-EE55-451E-83BA-2390596BCF5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F59FDB2E-6B16-4D9E-9E79-BAE045C89F89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA037785-B456-43D8-B5C1-23B33479A2CF}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{FA640713-D0A0-48F1-965A-F8C400DE261C}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{FBB8494F-3FBD-49A7-97CA-179BDB9729D2}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe |
"{FC00CB47-D4D8-400F-9E57-D4446BD637A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCD0F2B3-1DDD-4755-96DF-1356DAE8E10C}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{FD842E24-0121-4040-9F34-B835AF063345}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FE49D6DF-5DF5-4677-81B4-9CD40252F8C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{049D0E66-0298-4E8B-9358-D47E8FDB0C3F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{04F344EC-5E4D-43F6-AFCE-22EE95F7FB50}D:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe |
"TCP Query User{08174836-18B6-4FAA-A655-2571C7877725}D:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe |
"TCP Query User{0C126593-312B-4AD3-863D-8400420B58B9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{0C1461D8-90F6-4C35-AFAC-24D5E8C44CA4}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"TCP Query User{0CE0CFA6-E3A7-4CD4-B0DE-3B57D98C23EB}D:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe |
"TCP Query User{124E94B1-4E62-42E7-99E3-CC7BF683C40E}D:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=d:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{1416E868-8826-47F9-BDD3-F75ED2C5181B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{14308610-31A2-4E31-AC07-0DDBA6690333}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{1B7FE7CC-DBF3-458A-80D3-5FEA509CCE67}D:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"TCP Query User{1D2E2B02-D8A0-42C1-8466-0A36F0902BC9}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{3C0AB35C-276B-414D-A213-E54BBBB838DF}D:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"TCP Query User{49D913CB-E95A-4154-88F6-C93E1752763F}D:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=d:\program files\winhttrack\winhttrack.exe |
"TCP Query User{4FE52CA6-24AA-40ED-BDFA-005BF946FC2A}D:\program files\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\program files\valve\portal 2\portal2.exe |
"TCP Query User{6AF44318-D101-489A-9755-24201C6661E6}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{6B07766E-D96C-49E9-9A06-8DA31F794839}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6E85616E-0AC0-4DBB-A33C-812E9E52B214}C:\program files\graffiti studio 2.0\graffiti studio.exe" = protocol=6 | dir=in | app=c:\program files\graffiti studio 2.0\graffiti studio.exe |
"TCP Query User{74F4E9B8-5458-4F9F-98D5-44928363DB1E}D:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"TCP Query User{836C65D3-9920-4A7B-9412-98DB2ED728E8}D:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{90414F95-AB68-4239-BCB5-B36E9C41F391}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{94F32068-74E9-43E9-99DF-E6ADAE1FC09C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{96097F71-1DAA-461B-829A-AB480AE296D1}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{96C6F46D-7F7E-4E33-ACEB-C16A1FE2F753}D:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{9ABA2525-3565-4259-A03E-24ADEF7EABE3}D:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=6 | dir=in | app=d:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"TCP Query User{9B5354C6-39D5-4310-BC11-D6CE303EB780}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A3890824-D3F6-4F4F-ADF3-D4E2F7ACFED5}C:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe |
"TCP Query User{AFFDAD41-1AF0-4AA9-A89B-BF912C6520A3}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{B9B481CC-80B5-410D-9E1D-3A38ADEE3F58}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{C3276851-E358-4B72-9A07-ED0D8BF93299}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E0831070-2F42-4BA3-95CC-25B22F88277D}C:\program files\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"TCP Query User{E4782409-E453-45AA-8C55-6FB1B41B9E28}C:\program files\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"TCP Query User{E89CBB6F-3FDC-4543-B1F3-49D067CCD41C}C:\users\kevin\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\kevin\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{F8783AAA-F8E2-4820-884A-9E8C25DBD531}D:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\addon.exe |
"UDP Query User{02993BB8-1AEE-451D-8FEB-F9B2BC730D15}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{0378D491-90D0-47E8-9F5F-B5BD4BA7D2D7}D:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe |
"UDP Query User{0576D843-2AB9-4805-800C-F65355E2553E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0FBE7B06-3488-4C92-ABBF-813488D24215}D:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"UDP Query User{126CC74A-8A3C-42DD-AA55-32C1862A9A4A}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"UDP Query User{2135D95F-6179-48A4-AB5F-23E6A6683DDE}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{22DC7004-F415-4A63-A3AB-CEA9D14A2A4D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{24CF0632-9E3A-427B-9A89-6CFA95A0CF0F}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{2B0C7EDD-9757-4908-839E-CE60AD3AAB94}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2ED5D616-E6CA-40E5-8295-2F8260D4C2D2}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{33234148-933E-406B-867E-4F6FE70750C6}D:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=17 | dir=in | app=d:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"UDP Query User{397800EC-ADF1-4E68-97E7-623353BC6BBB}C:\program files\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"UDP Query User{39876B57-9949-4193-B7BB-62965B7CA361}C:\program files\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"UDP Query User{3CEC3EB6-213D-4754-AAA0-F70A7DF77DB9}D:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=d:\program files\winhttrack\winhttrack.exe |
"UDP Query User{48C2ECB9-17B2-48C5-87DB-F9B1317EB174}D:\program files\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\program files\valve\portal 2\portal2.exe |
"UDP Query User{48FBD34E-91B9-43EB-935F-3A037D8934F1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4BF507AB-6E70-46A7-AE59-4B242C49FF87}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{4EB37FA1-7A9F-448A-A0B2-49D36334763F}C:\program files\graffiti studio 2.0\graffiti studio.exe" = protocol=17 | dir=in | app=c:\program files\graffiti studio 2.0\graffiti studio.exe |
"UDP Query User{520A5AFE-1914-4276-82DE-EFF1AB4C6528}D:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"UDP Query User{61C080E2-1D35-4A75-AFB4-9EE03D9486F4}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{638DCCE4-D8A3-40C7-8C48-D3CF6D496BF8}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{6396DB85-D5BB-485F-87B7-A29190E1D724}D:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\addon.exe |
"UDP Query User{73909B1C-8977-416E-B65E-0E7D64AB199D}D:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"UDP Query User{7EA54910-C7E0-40AB-85D4-8C00AC544246}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{810E8CAE-E004-4F84-A689-8D452C9459AB}C:\users\kevin\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\kevin\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{84787A75-BB9D-481F-88E0-DFEAFDB53536}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8946B41A-3B34-4FD8-B8DB-25A8A8690BC0}D:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{8FAF48EF-3C10-452B-AEF0-BCECCD682355}C:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe |
"UDP Query User{A0FB9F23-81DB-4467-A9D0-96B933FC272A}D:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe |
"UDP Query User{BE02FC87-B499-4FAA-BE33-B9E5700844E5}D:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=d:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{C0D295DE-8E05-4585-843E-93FC298484EA}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{F473267A-E72F-4133-B22F-74F39EAC164F}D:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F4B67866-96DB-4695-84A5-484A19FA9DA8}D:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1459C671-45F3-4A58-8EA6-3B675460E51A}" = DO Kopfrechnen
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light
"{3230518C-2953-4FB9-8485-B3CDFCC36A70}" = Rosetta Stone Ltd Services
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE2032D-B1DA-4057-9D1E-4120F8B64367}" = DSLaufzeit
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45B4FF51-D048-46A1-AE2C-3786F2221F47}" = DSRechner
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB36284-71BC-4FAA-931C-6641DE3F4472}" = MAGIX Goya burnR (MSI)
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{90DA7F39-B9D4-4FB1-93A0-6B10F83E35E2}" = Wer wird Millionär - Party-Edition
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{99889189-C739-4A46-BA02-3B271A118957}" = F.E.A.R. Mission Perseus
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53BEB85-A538-4F93-BF0C-2D9770532D10}" = Lost Horizon
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B06DEEF2-9F64-4C04-84E7-D56CD9BF85BE}" = MAGIX Music Maker MX Download-Version
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B8AC8B3A-5842-4AE6-AFFD-FB2808EE3544}" = MAGIX Music Maker MX Trial (Soundpaket)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}" = Condemned - Criminal Origins
"{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}" = Clive Barker's Jericho
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2F8468F-85AB-4D08-A68E-01D328E7B261}" = PokerStrategy.com Elephant
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D6A5B908-426D-4F00-B7DE-D59DFD51E0E8}" = MAGIX Screenshare
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DEED33EE-4357-4907-8F20-C1A50CC68A5A}" = USB Joystick
"{E184BB79-61A3-4B0A-86D1-12A56C0A7270}" = Painkiller Resurrection
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E71AC707-179D-458D-A1E8-F52977CAEAB4}" = M.U.D. TV
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F027C8E3-6DBD-492A-9959-7B36B1DE0D65}" = Ad-Aware
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F73D18C1-F4DA-4B9F-9C46-5185F5D3DB7C}" = F.E.A.R. 2 SP Demo
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FD025150-EEA0-4CAC-BED1-B9837783FCC8}" = ActivePerl 5.10.0 Build 1005
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"abgx360" = abgx360 v1.0.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"APP-Codejock.SuitePro.ActiveX.v12.0.1_is1" = Xtreme SuitePro ActiveX v12.0.1
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ask Toolbar_is1" = Ask Toolbar
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Black Mirror 2_is1" = Black Mirror 2
"Black Mirror III_is1" = Black Mirror III
"Brain Workshop_is1" = Brain Workshop 4.4
"Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dues Ex Human Revolution_is1" = Dues Ex Human Revolution
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"DyynoPlayer" = DyynoPlayer 0.8.6f.2
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"Eraser" = Eraser
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F.E.A.R. 3_is1" = F.E.A.R. 3
"F.E.A.R.2 Reborn_is1" = F.E.A.R.2 Reborn
"FeedReader_is1" = FeedReader
"FileZilla Client" = FileZilla Client 3.3.4.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Billiards 2008_is1" = Free Billiards 2008
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Game Booster_is1" = Game Booster
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Updater" = Google Updater
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"HoldemManager" = Holdem Manager
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 510 Series" = Lexmark 510 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II
"MAGIX_MSI_mm18" = MAGIX Music Maker MX Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mikogo" = Mikogo
"MobMap_is1" = MobMap 3.55
"Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27)
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MyMDb_0" = MyMDb 3.6
"Nero - Burning Rom!UninstallKey" = Ahead Nero OEM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"Origin" = Origin
"PartyPoker" = PartyPoker
"Pidgin" = Pidgin
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Postal 2_is1" = Portal 2
"PostgreSQL 8.3" = PostgreSQL 8.3
"PostgreSQL 8.4" = PostgreSQL 8.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Proxifier_is1" = Proxifier version 2.7
"PunkBusterSvc" = PunkBuster Services
"Quick Memory Editor_is1" = Quick Memory Editor 5.5
"QuickPar" = QuickPar 0.9
"RealPlayer 12.0" = RealPlayer
"Schlag den Raab_is1" = Schlag den Raab
"Shockwave" = Shockwave
"SitNGoWizard" = SitNGo Wizard
"SMPlayer_is1" = SMPlayer 0.6.6
"SopCast" = SopCast 3.2.4
"Steam App 10500" = Empire: Total War
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 500" = Left 4 Dead
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TeamViewer 6" = TeamViewer 6
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TrueCrypt" = TrueCrypt
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"UseNeXT_is1" = UseNeXT
"VirusTotalUploader" = VirusTotal Uploader
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WebMoney Agent" = WebMoney Agent
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Wecker 2.2" = Wecker 2.2 2.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"World of Warcraft" = World of Warcraft
"xampp" = XAMPP 1.7.1
"X-Chat 2_is1" = X-Chat 2.8.6-2
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.96.5
"xp-AntiSpy" = xp-AntiSpy 3.97
"Zygor Guides" = Zygor Guides
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
"BrainGame" = Dr Kawashima
"Google Chrome" = Google Chrome
"Runic Games Torchlight" = Torchlight
"sc10-DE_SEVENONE_MAIN" = Big Pizza Ski Challenge 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Universal Replayer" = Universal Replayer
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.03.2012 08:08:35 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-05 13:08:35 CETFATAL:  role "SYSTEM" does not exist
 
Error - 05.03.2012 08:08:36 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-05 13:08:36 CETFATAL:  role "SYSTEM" does not exist
 
Error - 05.03.2012 08:08:37 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-05 13:08:37 CETFATAL:  role "SYSTEM" does not exist
 
Error - 05.03.2012 08:08:38 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-05 13:08:38 CETFATAL:  role "SYSTEM" does not exist
 
Error - 05.03.2012 08:08:39 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-05 13:08:39 CETFATAL:  role "SYSTEM" does not exist
 
Error - 05.03.2012 08:08:40 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-05 13:08:40 CETFATAL:  role "SYSTEM" does not exist
 
Error - 05.03.2012 08:08:41 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-05 13:08:41 CETFATAL:  role "SYSTEM" does not exist
 
Error - 05.03.2012 08:08:43 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-05 13:08:43 CETFATAL:  role "SYSTEM" does not exist
 
Error - 05.03.2012 08:08:44 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-05 13:08:44 CETFATAL:  role "SYSTEM" does not exist
 
Error - 05.03.2012 08:31:33 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\real\realplayer\plugins\rmxrend.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ SitNGoWizard Events ]
Error - 26.02.2012 10:03:25 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.02.2012 10:03:29 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.02.2012 10:03:29 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.02.2012 10:03:39 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.02.2012 10:03:39 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.02.2012 10:03:49 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.02.2012 10:03:49 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.02.2012 10:03:59 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.02.2012 10:03:59 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.02.2012 10:04:43 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
[ System Events ]
Error - 01.03.2012 14:20:48 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 01.03.2012 14:22:11 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.03.2012 05:05:16 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 02.03.2012 05:06:55 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 03.03.2012 05:24:27 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 03.03.2012 05:25:55 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 04.03.2012 08:09:33 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 04.03.2012 08:11:18 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 05.03.2012 08:07:13 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 05.03.2012 08:08:45 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
[ TuneUp Events ]
Error - 29.02.2012 07:27:23 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-29 12:27:23', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','1372',0)
 
Error - 29.02.2012 08:29:27 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-02-29 13:29:27', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','484',0)
 
Error - 01.03.2012 04:42:50 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-01 09:42:50', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','1516',0)
 
Error - 01.03.2012 14:24:19 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-01 19:24:19', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','5848',0)
 
Error - 01.03.2012 15:45:58 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-01 20:45:58', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4828',0)
 
Error - 02.03.2012 05:08:58 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-02 10:08:58', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4256',0)
 
Error - 03.03.2012 05:28:01 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-03 10:28:01', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','3188',0)
 
Error - 04.03.2012 08:13:24 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-04 13:13:24', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4228',0)
 
Error - 04.03.2012 16:31:40 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-04 21:31:40', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4228',1)
 
Error - 04.03.2012 17:47:18 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-04 22:47:18', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4228',1)
 
 
< End of report >

--- --- ---

Chris4You 05.03.2012 14:05

Hi,

do you still remember what you were doing on [2012.03.02 11:43:29]?
That is when the hosts file was changed...

You also have a DNS server in Russia configured; I'll kill that one...

Switch off WinPatrol before the fix...

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please right-click and start it with "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254

:Commands
[resethosts]
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Prevx:
The tool is prone to false positives and, in the free version, cannot delete anything, but is otherwise quite good... (and it also runs on 64-bit platforms)
Prevx 3.0 for Home and Family
If the tool finds something, do not post the log but a screenshot of the window that is then displayed...

chris
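
The O17 line in the fix above records a DNS server set on one network interface. As an added example (not part of the thread and not OTL's own code), this Python sketch parses O17 lines in that format and marks name servers outside private address ranges for manual review; the sample log apart from the line quoted in the fix, the second GUID and the `expected` allow-list are constructed assumptions.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed sample in the O17 line format. Only the second line appears in
# the thread; the other lines, addresses and the all-zero GUID are made up.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1,203.0.113.53
"""

# Matches the global Tcpip key and the per-interface keys, for both the
# DHCP-assigned value (DhcpNameServer) and the static one (NameServer).
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9A-Fa-f-]{36}\}))?"
    r": (?P<name>(?:Dhcp)?NameServer) = (?P<servers>.*)$",
    re.MULTILINE,
)

# Ranges a home router or the local machine would normally hand out.
LOCAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]


class Finding(NamedTuple):
    scope: str    # interface GUID, or "global" for the Parameters key itself
    setting: str  # DhcpNameServer or NameServer
    server: str
    verdict: str  # "local", "expected", "review" or "invalid"


def classify(server, expected):
    """Classify one name-server entry from an O17 line."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if str(addr) in expected:
        return "expected"
    if addr.version == 4 and any(addr in net for net in LOCAL_NETS):
        return "local"
    # Public or otherwise unknown resolver: a human should confirm it belongs
    # to the ISP, VPN or a resolver the user chose deliberately.
    return "review"


def review_o17(log_text, expected=()):
    """Return one Finding per name server listed in the log's O17 lines."""
    expected = {str(ipaddress.ip_address(e)) for e in expected}
    findings = []
    for m in O17_RE.finditer(log_text):
        scope = m.group("iface") or "global"
        # Windows stores several servers separated by spaces or commas.
        for server in re.split(r"[\s,]+", m.group("servers").strip()):
            if server:
                findings.append(
                    Finding(scope, m.group("name"), server,
                            classify(server, expected)))
    return findings


if __name__ == "__main__":
    for f in review_o17(SAMPLE_LOG):
        print(f"{f.verdict:8} {f.setting:14} {f.server:16} {f.scope}")
```

A `review` verdict only means the address is not local and not on the allow-list; whether it is legitimate still has to be checked against the adapter that owns the interface GUID.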

Kowalski1 12.03.2012 14:02

Hi,

sorry once again for getting back to you so late...

My PC is running slower than usual and I think something is again, or still, stuck in there...
I ran OTL again

[code]

OTL Logfile:
Code:

OTL logfile created on: 12.03.2012 13:49:46 - Run 8
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 51,59% Memory free
10,95 Gb Paging File | 9,46 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 59,09 Gb Free Space | 30,25% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 19,71 Gb Free Space | 7,29% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxbccoms.exe ( )
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko10.dll ()
MOD - D:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (postgresql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (TunngleService) -- D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (DAUpdaterSvc) -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( )
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - SOFTWARE\Classes\CLSID\\LocalServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wieistmeineip.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f.2: C:\Program Files\Dyyno\Dyyno Player\npvlc.dll (Dyyno)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.30 19:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.02.24 12:40:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.24 12:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.24 12:38:08 | 000,000,000 | ---D | M]
 
[2009.01.23 17:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2012.03.01 21:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions
[2012.02.24 12:55:28 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012.02.24 12:41:16 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.26 18:52:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.24 12:57:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.23 10:42:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.01 21:17:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.14 18:45:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\moveplayer@movenetworks.com
[2009.04.20 14:36:41 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\NPDyyno@dyyno.com
[2010.10.20 19:48:50 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\vshare@toolbar
[2010.01.23 12:35:03 | 000,002,321 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\dictcc.xml
[2009.06.15 20:46:47 | 000,002,030 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\myvideo-suche-.xml
[2009.07.11 11:04:46 | 000,000,727 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\phpnet.xml
[2009.01.23 18:10:53 | 000,002,108 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\youtube-videosuche.xml
[2012.02.22 12:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.29 12:33:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.16 22:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.16 13:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1J5N9NVP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.24 12:38:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.24 12:38:07 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.24 12:38:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.24 12:38:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.24 12:38:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Dyyno Player Plugin (Enabled) = C:\Program Files\Dyyno\Dyyno Player\npvlc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2012.03.07 13:42:09 | 000,440,655 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll ( )
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DE9F9EF-8DB8-41C2-8A1F-AF77E3B8D7FB}: NameServer = 195.50.140.246 195.50.140.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E65DDC-D557-4A3C-93DC-0488FAD00A79}: DhcpNameServer = 92.241.168.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell - "" = AutoRun
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell - "" = AutoRun
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell\AutoRun\command - "" = H:\steambackup2.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.12 13:32:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Occ
[2012.02.26 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\MAGIX Downloads
[2012.02.26 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\MAGIX
[2012.02.26 15:01:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_MX_Download-Version
[2012.02.26 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.02.26 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2012.02.26 15:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.02.26 15:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.02.26 15:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.02.16 19:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\tdsskiller
[2012.02.15 20:12:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.14 19:12:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2012.02.14 19:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.14 19:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.14 19:11:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.14 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.14 17:58:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012.02.13 17:59:32 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Avira
[2012.02.13 17:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.13 17:58:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.13 17:58:04 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.13 17:58:04 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.13 17:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.13 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2009.01.29 19:28:27 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll
[2009.01.26 14:40:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2009.01.26 14:40:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2009.01.26 14:40:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2009.01.26 14:40:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2009.01.26 14:40:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2009.01.26 14:40:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2009.01.26 14:40:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe
[2009.01.26 14:40:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2009.01.26 14:40:49 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2009.01.26 14:40:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe
[2009.01.26 14:40:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe
[2009.01.26 14:40:49 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2009.01.26 14:40:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2009.01.26 14:40:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.12 13:48:20 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.03.12 13:46:21 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.12 13:44:48 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.12 13:44:48 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.12 13:44:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 13:44:39 | 3486,658,560 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.12 13:43:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.03.12 12:53:15 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.11 21:21:16 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.03.11 21:21:16 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.03.09 17:36:14 | 000,026,752 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2012.03.09 17:36:10 | 000,002,623 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Word.lnk
[2012.03.08 12:24:15 | 000,000,404 | ---- | M] () -- C:\Windows\LEXSTAT.INI
[2012.03.07 13:42:09 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.05 20:05:46 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120307-134208.backup
[2012.03.02 11:43:29 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120305-200546.backup
[2012.02.29 20:21:24 | 000,042,392 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2012.02.29 13:23:32 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120302-114328.backup
[2012.02.27 18:25:12 | 002,044,186 | ---- | M] () -- C:\Users\Kevin\Desktop\tdsskiller.zip
[2012.02.27 11:27:26 | 000,367,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.25 14:41:55 | 000,440,595 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120229-132332.backup
[2012.02.25 14:41:43 | 000,440,595 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120225-144155.backup
[2012.02.24 21:14:42 | 000,898,802 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120225-144143.backup
[2012.02.23 18:16:42 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.18 14:38:07 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120221-170012.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-185148.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-185117.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120223-184832.backup
[2012.02.18 14:38:07 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120221-194836.backup
[2012.02.18 14:37:58 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143807.backup
[2012.02.14 19:11:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.14 17:58:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012.02.13 17:58:20 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.11 21:16:46 | 000,449,370 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120216-200440.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143758.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120218-143711.backup
[2012.02.11 21:16:46 | 000,449,370 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120217-085149.backup
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 13:48:20 | 000,000,974 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2012.03.12 13:46:21 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.29 20:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.02.27 18:25:05 | 002,044,186 | ---- | C] () -- C:\Users\Kevin\Desktop\tdsskiller.zip
[2012.02.23 18:11:44 | 3486,658,560 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.14 19:11:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 17:58:20 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.01 18:35:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.12 22:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.06.01 13:45:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.06.01 13:45:52 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.05.26 20:17:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.26 20:17:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.12 20:46:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.01.13 18:18:15 | 000,000,365 | ---- | C] () -- C:\Users\Kevin\AppData\Local\postgresinstall.bat
[2011.01.04 15:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 15:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 15:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 15:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 15:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010.05.26 19:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.04.28 20:31:06 | 000,000,068 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.05 18:47:36 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.02.27 13:08:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.23 16:13:27 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.01.27 20:46:45 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.29 12:32:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.23 20:40:51 | 000,000,762 | ---- | C] () -- C:\Windows\Edofma.INI
[2009.08.28 13:25:32 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.23 19:20:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.05.29 17:36:24 | 000,086,250 | ---- | C] () -- C:\Windows\wininit.ini
[2009.05.27 17:23:04 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2009.05.12 12:32:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.03.22 21:18:35 | 000,134,989 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.03.15 19:22:50 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.29 20:02:15 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat
[2009.01.29 19:28:29 | 000,000,386 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Current.prx
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2009.01.26 14:40:49 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2009.01.26 11:19:30 | 000,026,752 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2009.01.26 11:15:43 | 000,001,187 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.26 10:43:49 | 000,000,404 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2009.01.25 18:14:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.01.25 18:14:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.01.23 17:21:26 | 000,154,624 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.23 17:10:00 | 000,138,056 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys
[2009.01.23 17:09:45 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.01.23 17:09:43 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.01.23 17:09:43 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.23 15:28:26 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.23 15:28:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.23 15:04:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.01.23 15:04:23 | 000,026,082 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.01.23 15:03:13 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2008.01.21 08:15:58 | 000,699,116 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,156,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,367,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,655,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,128,292 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.25 14:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[1999.01.22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL

< End of report >

Kowalski1 12.03.2012 14:19

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 12.03.2012 13:49:46 - Run 8
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 51,59% Memory free
10,95 Gb Paging File | 9,46 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 59,09 Gb Free Space | 30,25% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 19,71 Gb Free Space | 7,29% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BC15B64-C369-496B-A7D8-CFFFC4738F54}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93D28C7D-657A-4A6C-9A39-E8811B331A93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9B414A25-7921-4077-8A59-B68AA7302B3D}" = lport=6112 | protocol=6 | dir=in | name=6112 |
"{A380219C-62BF-43B3-A6B1-09D5BDF70280}" = lport=1338 | protocol=6 | dir=in | name=1338 |
"{AC91602A-E785-452B-8567-15E5539F3047}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C6D9711C-F8FC-4968-B369-15E51F4CA809}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{C84A652A-8EBA-4CB9-99A5-A971B83D8A81}" = lport=6112 | protocol=17 | dir=in | name=6112 |
"{DFEAD0CC-CDB7-455C-9249-93B9580096CA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{FDFCFF18-B31E-40CD-BD14-B5E380366C3A}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02260DC9-E8BB-4709-AE40-AC121E1B75C4}" = protocol=6 | dir=in | app=d:\program files\tunngle\tunngle.exe |
"{050717F2-A386-453C-9E2F-3E820C983899}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{0B15D919-5D5E-44A1-87D3-A138A09B8863}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
"{0CE501C0-FDCF-4D73-B12C-314C4B52CC81}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{102B6718-FC6C-417E-9224-A7EB457B3B58}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{10FAA7ED-BF56-49A0-9FE0-9B82B277744C}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{13EDE2F6-A665-4156-AF37-9447DE82A910}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe |
"{1711F7DC-8DB9-4F7A-8479-F04A13225919}" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe |
"{1B2A3F2F-1146-4727-97EA-2CCF7BD51B64}" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{2292A04C-B868-459D-B9FC-C131350CA1ED}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{23CEBD8A-3C1D-4B0E-882C-A4FCF90AB311}" = protocol=17 | dir=in | app=d:\program files\origin games\fifa 12\game\fifa.exe |
"{2424D9BB-DF60-4D8F-AE13-BC1FCB900C72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{26173FAA-DEEC-43DF-AEAC-F557EBB4DC69}" = dir=in | app=c:\users\kevin\appdata\roaming\ycf\livolo.exe |
"{2B8C018F-B057-4F7A-85A4-3ECF943216F9}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{3235C9BD-E643-4991-A705-710F9EA4A2D1}" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{3518C955-624F-496D-B0BA-B30391ADAA38}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{3630A9D1-6A51-4B39-BEC9-4D15CCD4DDC0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{36C40B64-DA14-4D51-8CCC-9BBDCAFA559D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39E71065-55BB-4394-BA3A-EF8F1A446F4A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{3A483245-06E6-43D5-8775-CE3D6B3036F7}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\empire total war\empire.exe |
"{3DA9F65D-0F1B-4AC4-93FF-931F8E04C48C}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{3E262613-34F5-40BC-9945-DD865C30B995}" = protocol=17 | dir=in | app=d:\program files\guild wars\gw.exe |
"{3EC05ED4-1271-4608-A9C0-5553C6A9AFD5}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{435BA85B-268F-4C94-9075-CEF504A1F201}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4A6297F7-5AAB-451F-AB63-6DCDC1EBEE4A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{4C9FDD42-5D44-4FC3-8E72-410A9266A9A5}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\holdemmanager.exe |
"{4E48D4A7-54F5-4CB8-BCE4-D3D267E2B647}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{538A5A86-8353-45C0-ACAC-0C5A64CDE326}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{563115A1-0AB3-403A-A358-8CC8169C7C92}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{64526B2B-07FE-4CB9-995A-EC99BD56CEC4}" = protocol=6 | dir=in | app=d:\program files\origin games\fifa 12\game\fifa.exe |
"{67992397-B7F7-48C9-AFB8-4D2413AED5C2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{68D0A40B-8F8C-450C-AFB0-108EFC58CA95}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{690B9E13-F0F1-4C73-BE7F-F9D7DE3AB7D9}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe |
"{6A07AFBB-4BCF-4EA3-B508-52A3610868DC}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{6B061DED-E945-4814-B47A-FC9F738527B4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{6D04846C-3871-404E-8733-DD022C80F67F}" = protocol=17 | dir=in | app=d:\program files\tunngle\tunngle.exe |
"{723E5170-3CBE-40B8-8F55-7AD9AC5820A3}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe |
"{72B0DB13-159F-4B56-BE61-0FAC797EB6FF}" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{750974CD-2435-4972-ADF3-F528CBC8235B}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{76DAFFCF-C701-4127-A0F9-BB5BA3FD1BB1}" = protocol=17 | dir=in | app=d:\program files\jdownloader\jdownloader.exe |
"{790146CC-0E13-491D-B8B4-BBB41C56F905}" = protocol=17 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe |
"{816D2944-2DDC-4CA2-82B1-FD5A19CBECB7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{82D89747-9AB8-4AE0-9EF0-BC90C1F3AD2B}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe |
"{8395DC00-59CF-451E-98B3-AA3B56F4BFE8}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{84ECAE31-FC9E-4C68-8E94-D26484B812F5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{878CF526-CDEE-4F0B-9B48-3A33B6456523}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
"{88779E37-82FB-4FF0-B070-B60C5C67BB61}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{89D5CA6B-C59E-421F-B29A-C3139E64C405}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{8D9080F5-CBB9-4D78-9741-EB29E4137EC8}" = protocol=17 | dir=in | app=d:\program files\tunngle\tnglctrl.exe |
"{8DD8DE8D-5C60-431F-94A2-2085321DF1A0}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{8E10E4F2-102D-4313-A0C2-49FC0F8A9780}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{8F352AF1-718E-478D-A562-B315AF975D36}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\dbcontrolpanel.exe |
"{9066254F-CA05-4EAD-A4F2-C51E4E680FB5}" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{90EE8DC0-423B-4889-8746-4EAA937158D5}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{91371408-6EF0-4D66-BA1A-CE2273A4C934}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{954EADF2-6428-4413-BDAA-9B642E192696}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{98A92B9B-2335-41B4-95F7-07262B5991EF}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\holdemmanager.exe |
"{9C32CA59-2829-4D89-9165-B97478D864BF}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{A2A87C3B-F9F4-4756-AD7E-E9AF4FC1330B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{A3D2E1C9-2EEE-4A9C-AA5F-070D9DF59537}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
"{B10D5103-085B-4117-9133-F70B2C643F75}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B2DF138E-9D08-481D-A35C-3DF328E167AD}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{B2E8F5FC-C809-4468-89C7-7BC5F4A98AEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3740786-CCE7-4F72-94A8-2144178CE1DC}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{B5F30A51-1A31-4C51-BA5B-81D57F176B3A}" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe |
"{B9BA56B4-9973-4FCE-BB3F-FE3BA14D123E}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{C2C7D9BA-F032-4721-BE08-FC5CC192779B}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{C3FCFC0F-6786-4BCD-8E90-7FAC5F771B8E}" = protocol=6 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe |
"{C6EE227B-D4C8-447A-9839-F4180B9B47B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9227D88-0738-4AAF-8B83-FC1EC143C487}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{CC4BBF49-1B60-442E-89A9-B06A529E79EF}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{CF275D39-5B34-4F54-9AAC-E67D11014EF2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{D0A342DE-47F0-40E5-9DDC-26A00D484ADE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D0FF87E1-C68C-4DD2-B2D0-94E4CFC3FF1C}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D155E9CF-FB09-493B-A41C-49B03EC8F8DB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{D7C61099-0E88-4FC1-A2A7-BBD4B33A57D9}" = protocol=6 | dir=in | app=d:\program files\tunngle\tnglctrl.exe |
"{DA2244EA-B8AF-4632-9ED7-17EDC40614BC}" = protocol=6 | dir=in | app=d:\program files\jdownloader\jdownloader.exe |
"{DEF5CCD5-D345-4C7B-9B5E-7204566625EC}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{E013AFFF-F7CB-4D5B-AFDC-7A867571087C}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\empire total war\empire.exe |
"{E07CD312-6F7C-45E7-BA3B-DCCF6DDC235E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0C4163B-AFA6-4B91-A36D-BA5A74848E85}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe |
"{E1694F0D-443C-4AF3-B632-53A516E6E2D6}" = protocol=6 | dir=in | app=d:\program files\rvg software\holdem manager\hmhud.exe |
"{E2A90B3E-2D2F-4451-98BD-3965C1E50BE7}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\dbcontrolpanel.exe |
"{E2D38A28-619B-4834-AF19-44745E421847}" = protocol=6 | dir=in | app=d:\program files\guild wars\gw.exe |
"{E3419925-96B7-4252-8A83-793EC1FC6CCF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{E9B24E58-D222-416D-9A21-7000279F0571}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{EE8BC520-C3F9-4AD8-B582-718CB0F6D022}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F322ECEA-F096-411A-949E-5C828DD2E3E5}" = protocol=17 | dir=in | app=d:\program files\rvg software\holdem manager\hmhud.exe |
"{F32BC7EA-EE55-451E-83BA-2390596BCF5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F59FDB2E-6B16-4D9E-9E79-BAE045C89F89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA037785-B456-43D8-B5C1-23B33479A2CF}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{FA640713-D0A0-48F1-965A-F8C400DE261C}" = protocol=6 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{FBB8494F-3FBD-49A7-97CA-179BDB9729D2}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe |
"{FC00CB47-D4D8-400F-9E57-D4446BD637A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCD0F2B3-1DDD-4755-96DF-1356DAE8E10C}" = protocol=17 | dir=in | app=d:\program files\icq7.5\icq.exe |
"{FD842E24-0121-4040-9F34-B835AF063345}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FE49D6DF-5DF5-4677-81B4-9CD40252F8C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{049D0E66-0298-4E8B-9358-D47E8FDB0C3F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{04F344EC-5E4D-43F6-AFCE-22EE95F7FB50}D:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=d:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe |
"TCP Query User{08174836-18B6-4FAA-A655-2571C7877725}D:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe |
"TCP Query User{0C126593-312B-4AD3-863D-8400420B58B9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{0C1461D8-90F6-4C35-AFAC-24D5E8C44CA4}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"TCP Query User{0CE0CFA6-E3A7-4CD4-B0DE-3B57D98C23EB}D:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe |
"TCP Query User{124E94B1-4E62-42E7-99E3-CC7BF683C40E}D:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=d:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{1416E868-8826-47F9-BDD3-F75ED2C5181B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{14308610-31A2-4E31-AC07-0DDBA6690333}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{1B7FE7CC-DBF3-458A-80D3-5FEA509CCE67}D:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"TCP Query User{1D2E2B02-D8A0-42C1-8466-0A36F0902BC9}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{3C0AB35C-276B-414D-A213-E54BBBB838DF}D:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"TCP Query User{4607BE98-85A2-4B92-9F34-68E474831D7A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{49D913CB-E95A-4154-88F6-C93E1752763F}D:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=d:\program files\winhttrack\winhttrack.exe |
"TCP Query User{4FE52CA6-24AA-40ED-BDFA-005BF946FC2A}D:\program files\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=d:\program files\valve\portal 2\portal2.exe |
"TCP Query User{6AF44318-D101-489A-9755-24201C6661E6}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{6B07766E-D96C-49E9-9A06-8DA31F794839}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6E85616E-0AC0-4DBB-A33C-812E9E52B214}C:\program files\graffiti studio 2.0\graffiti studio.exe" = protocol=6 | dir=in | app=c:\program files\graffiti studio 2.0\graffiti studio.exe |
"TCP Query User{74F4E9B8-5458-4F9F-98D5-44928363DB1E}D:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"TCP Query User{836C65D3-9920-4A7B-9412-98DB2ED728E8}D:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{90414F95-AB68-4239-BCB5-B36E9C41F391}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{94F32068-74E9-43E9-99DF-E6ADAE1FC09C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{96097F71-1DAA-461B-829A-AB480AE296D1}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{96C6F46D-7F7E-4E33-ACEB-C16A1FE2F753}D:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{9ABA2525-3565-4259-A03E-24ADEF7EABE3}D:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=6 | dir=in | app=d:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"TCP Query User{9B5354C6-39D5-4310-BC11-D6CE303EB780}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A3890824-D3F6-4F4F-ADF3-D4E2F7ACFED5}C:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe |
"TCP Query User{AFFDAD41-1AF0-4AA9-A89B-BF912C6520A3}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{B9B481CC-80B5-410D-9E1D-3A38ADEE3F58}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{C3276851-E358-4B72-9A07-ED0D8BF93299}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D4609FD2-780B-4F2E-8350-31886477599A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E0831070-2F42-4BA3-95CC-25B22F88277D}C:\program files\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"TCP Query User{E4782409-E453-45AA-8C55-6FB1B41B9E28}C:\program files\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"TCP Query User{E89CBB6F-3FDC-4543-B1F3-49D067CCD41C}C:\users\kevin\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\kevin\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{F8783AAA-F8E2-4820-884A-9E8C25DBD531}D:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\addon.exe |
"UDP Query User{02993BB8-1AEE-451D-8FEB-F9B2BC730D15}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{0378D491-90D0-47E8-9F5F-B5BD4BA7D2D7}D:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=d:\program files\wb games\f.e.a.r. 3\f.e.a.r. 3.exe |
"UDP Query User{0576D843-2AB9-4805-800C-F65355E2553E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0D7FB650-BA8F-4287-8CF1-2FF18B954BDA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{0FBE7B06-3488-4C92-ABBF-813488D24215}D:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"UDP Query User{126CC74A-8A3C-42DD-AA55-32C1862A9A4A}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"UDP Query User{2135D95F-6179-48A4-AB5F-23E6A6683DDE}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{22DC7004-F415-4A63-A3AB-CEA9D14A2A4D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{24CF0632-9E3A-427B-9A89-6CFA95A0CF0F}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{2B0C7EDD-9757-4908-839E-CE60AD3AAB94}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2ED5D616-E6CA-40E5-8295-2F8260D4C2D2}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{33234148-933E-406B-867E-4F6FE70750C6}D:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=17 | dir=in | app=d:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"UDP Query User{397800EC-ADF1-4E68-97E7-623353BC6BBB}C:\program files\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files\openvpn\bin\openvpn.exe |
"UDP Query User{39876B57-9949-4193-B7BB-62965B7CA361}C:\program files\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files\x-chat 2\xchat.exe |
"UDP Query User{3CEC3EB6-213D-4754-AAA0-F70A7DF77DB9}D:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=d:\program files\winhttrack\winhttrack.exe |
"UDP Query User{48C2ECB9-17B2-48C5-87DB-F9B1317EB174}D:\program files\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=d:\program files\valve\portal 2\portal2.exe |
"UDP Query User{48FBD34E-91B9-43EB-935F-3A037D8934F1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4BF507AB-6E70-46A7-AE59-4B242C49FF87}D:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{4EB37FA1-7A9F-448A-A0B2-49D36334763F}C:\program files\graffiti studio 2.0\graffiti studio.exe" = protocol=17 | dir=in | app=c:\program files\graffiti studio 2.0\graffiti studio.exe |
"UDP Query User{520A5AFE-1914-4276-82DE-EFF1AB4C6528}D:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"UDP Query User{61C080E2-1D35-4A75-AFB4-9EE03D9486F4}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{638DCCE4-D8A3-40C7-8C48-D3CF6D496BF8}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{6396DB85-D5BB-485F-87B7-A29190E1D724}D:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\addon.exe |
"UDP Query User{73909B1C-8977-416E-B65E-0E7D64AB199D}D:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"UDP Query User{7EA54910-C7E0-40AB-85D4-8C00AC544246}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{810E8CAE-E004-4F84-A689-8D452C9459AB}C:\users\kevin\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\kevin\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{84787A75-BB9D-481F-88E0-DFEAFDB53536}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8946B41A-3B34-4FD8-B8DB-25A8A8690BC0}D:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{8FAF48EF-3C10-452B-AEF0-BCECCD682355}C:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\locallow\dyyno receiver\dppm.exe |
"UDP Query User{A0FB9F23-81DB-4467-A9D0-96B933FC272A}D:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\kester532\dawn of war 2\dow2.exe |
"UDP Query User{B7B4928C-858A-427B-B2A5-7D28160C26C1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{BE02FC87-B499-4FAA-BE33-B9E5700844E5}D:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=d:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{C0D295DE-8E05-4585-843E-93FC298484EA}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{F473267A-E72F-4133-B22F-74F39EAC164F}D:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F4B67866-96DB-4695-84A5-484A19FA9DA8}D:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1459C671-45F3-4A58-8EA6-3B675460E51A}" = DO Kopfrechnen
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light
"{3230518C-2953-4FB9-8485-B3CDFCC36A70}" = Rosetta Stone Ltd Services
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE2032D-B1DA-4057-9D1E-4120F8B64367}" = DSLaufzeit
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45B4FF51-D048-46A1-AE2C-3786F2221F47}" = DSRechner
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB36284-71BC-4FAA-931C-6641DE3F4472}" = MAGIX Goya burnR (MSI)
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{90DA7F39-B9D4-4FB1-93A0-6B10F83E35E2}" = Wer wird Millionär - Party-Edition
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{99889189-C739-4A46-BA02-3B271A118957}" = F.E.A.R. Mission Perseus
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53BEB85-A538-4F93-BF0C-2D9770532D10}" = Lost Horizon
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B06DEEF2-9F64-4C04-84E7-D56CD9BF85BE}" = MAGIX Music Maker MX Download-Version
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B8AC8B3A-5842-4AE6-AFFD-FB2808EE3544}" = MAGIX Music Maker MX Trial (Soundpaket)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}" = Condemned - Criminal Origins
"{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}" = Clive Barker's Jericho
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2F8468F-85AB-4D08-A68E-01D328E7B261}" = PokerStrategy.com Elephant
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D6A5B908-426D-4F00-B7DE-D59DFD51E0E8}" = MAGIX Screenshare
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DEED33EE-4357-4907-8F20-C1A50CC68A5A}" = USB Joystick
"{E184BB79-61A3-4B0A-86D1-12A56C0A7270}" = Painkiller Resurrection
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E71AC707-179D-458D-A1E8-F52977CAEAB4}" = M.U.D. TV
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F027C8E3-6DBD-492A-9959-7B36B1DE0D65}" = Ad-Aware
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F73D18C1-F4DA-4B9F-9C46-5185F5D3DB7C}" = F.E.A.R. 2 SP Demo
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FD025150-EEA0-4CAC-BED1-B9837783FCC8}" = ActivePerl 5.10.0 Build 1005
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"abgx360" = abgx360 v1.0.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"APP-Codejock.SuitePro.ActiveX.v12.0.1_is1" = Xtreme SuitePro ActiveX v12.0.1
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ask Toolbar_is1" = Ask Toolbar
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Black Mirror 2_is1" = Black Mirror 2
"Black Mirror III_is1" = Black Mirror III
"Brain Workshop_is1" = Brain Workshop 4.4
"Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dues Ex Human Revolution_is1" = Dues Ex Human Revolution
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"DyynoPlayer" = DyynoPlayer 0.8.6f.2
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"Eraser" = Eraser
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F.E.A.R. 3_is1" = F.E.A.R. 3
"F.E.A.R.2 Reborn_is1" = F.E.A.R.2 Reborn
"FeedReader_is1" = FeedReader
"FileZilla Client" = FileZilla Client 3.3.4.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Billiards 2008_is1" = Free Billiards 2008
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Game Booster_is1" = Game Booster
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Updater" = Google Updater
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"HoldemManager" = Holdem Manager
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{D2ECAEB9-1ACD-4DA2-B3F6-4A94A429FC8C}" = Legendary
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 510 Series" = Lexmark 510 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II
"MAGIX_MSI_mm18" = MAGIX Music Maker MX Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mikogo" = Mikogo
"MobMap_is1" = MobMap 3.55
"Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27)
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MyMDb_0" = MyMDb 3.6
"Nero - Burning Rom!UninstallKey" = Ahead Nero OEM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"Origin" = Origin
"PartyPoker" = PartyPoker
"Pidgin" = Pidgin
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Postal 2_is1" = Portal 2
"PostgreSQL 8.3" = PostgreSQL 8.3
"PostgreSQL 8.4" = PostgreSQL 8.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Proxifier_is1" = Proxifier version 2.7
"PunkBusterSvc" = PunkBuster Services
"Quick Memory Editor_is1" = Quick Memory Editor 5.5
"QuickPar" = QuickPar 0.9
"RealPlayer 12.0" = RealPlayer
"Schlag den Raab_is1" = Schlag den Raab
"Shockwave" = Shockwave
"SitNGoWizard" = SitNGo Wizard
"SMPlayer_is1" = SMPlayer 0.6.6
"SopCast" = SopCast 3.2.4
"Steam App 10500" = Empire: Total War
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 500" = Left 4 Dead
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TeamViewer 6" = TeamViewer 6
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TrueCrypt" = TrueCrypt
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"UseNeXT_is1" = UseNeXT
"VirusTotalUploader" = VirusTotal Uploader
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WebMoney Agent" = WebMoney Agent
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Wecker 2.2" = Wecker 2.2 2.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"World of Warcraft" = World of Warcraft
"xampp" = XAMPP 1.7.1
"X-Chat 2_is1" = X-Chat 2.8.6-2
"Xfire" = Xfire (remove only)
"XnView_is1" = XnView 1.96.5
"xp-AntiSpy" = xp-AntiSpy 3.97
"Zygor Guides" = Zygor Guides
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
"BrainGame" = Dr Kawashima
"Google Chrome" = Google Chrome
"Runic Games Torchlight" = Torchlight
"sc10-DE_SEVENONE_MAIN" = Big Pizza Ski Challenge 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Universal Replayer" = Universal Replayer
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.03.2012 08:46:07 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-12 13:46:07 CETFATAL:  role "SYSTEM" does not exist
 
Error - 12.03.2012 08:46:09 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-12 13:46:09 CETFATAL:  role "SYSTEM" does not exist
 
Error - 12.03.2012 08:46:10 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-12 13:46:10 CETFATAL:  role "SYSTEM" does not exist
 
Error - 12.03.2012 08:46:11 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-12 13:46:11 CETFATAL:  role "SYSTEM" does not exist
 
Error - 12.03.2012 08:46:12 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-12 13:46:12 CETFATAL:  role "SYSTEM" does not exist
 
Error - 12.03.2012 08:46:13 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-12 13:46:13 CETFATAL:  role "SYSTEM" does not exist
 
Error - 12.03.2012 08:46:14 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-12 13:46:14 CETFATAL:  role "SYSTEM" does not exist
 
Error - 12.03.2012 08:46:15 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-12 13:46:15 CETFATAL:  role "SYSTEM" does not exist
 
Error - 12.03.2012 08:46:16 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-12 13:46:16 CETFATAL:  role "SYSTEM" does not exist
 
Error - 12.03.2012 08:46:18 | Computer Name = Kevin-PC | Source = PostgreSQL | ID = 0
Description = 2012-03-12 13:46:18 CETFATAL:  role "SYSTEM" does not exist
 
[ SitNGoWizard Events ]
Error - 26.02.2012 10:03:25 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.02.2012 10:03:29 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.02.2012 10:03:29 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.02.2012 10:03:39 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.02.2012 10:03:39 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.02.2012 10:03:49 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.02.2012 10:03:49 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.02.2012 10:03:59 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
Error - 26.02.2012 10:03:59 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description =    bei System.Windows.Forms.Control.MarshaledInvoke(Control caller,
 Delegate method, Object[] args, Boolean synchronous)    bei System.Windows.Forms.Control.Invoke(Delegate
 method, Object[] args)    bei System.Windows.Forms.Control.Invoke(Delegate method)

  bei SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)   
bei System.Windows.Forms.Timer.OnTick(EventArgs e)    bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
 m)    bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
 wparam, IntPtr lparam)
 
Error - 26.02.2012 10:04:43 | Computer Name = Kevin-PC | Source = SitNGoWizard | ID = 1
Description = Invoke oder BeginInvoke kann für ein Steuerelement erst aufgerufen
 werden, wenn das Fensterhandle erstellt wurde.
 
[ System Events ]
Error - 10.03.2012 05:42:00 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 10.03.2012 08:15:46 | Computer Name = Kevin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.03.2012 um 13:14:20 unerwartet heruntergefahren.
 
Error - 10.03.2012 08:15:48 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 10.03.2012 08:17:25 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 11.03.2012 07:22:47 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 11.03.2012 07:24:20 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.03.2012 06:29:19 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 12.03.2012 06:30:45 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12.03.2012 08:44:47 | Computer Name = Kevin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 12.03.2012 08:46:19 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026
Description =
 
[ TuneUp Events ]
Error - 05.03.2012 08:10:50 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-05 13:10:50', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4572',0)
 
Error - 06.03.2012 06:13:43 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-06 11:13:43', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4040',0)
 
Error - 07.03.2012 06:30:47 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-07 11:30:47', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','2252',0)
 
Error - 08.03.2012 06:12:55 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-08 11:12:55', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','1772',0)
 
Error - 09.03.2012 03:55:22 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-09 08:55:22', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','2160',0)
 
Error - 10.03.2012 05:44:05 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-10 10:44:05', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4136',0)
 
Error - 10.03.2012 08:19:28 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-10 13:19:28', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','5728',0)
 
Error - 11.03.2012 07:26:22 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-11 12:26:22', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4164',0)
 
Error - 12.03.2012 06:32:48 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-12 11:32:48', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamservice.exe','4212',0)
 
Error - 12.03.2012 08:34:04 | Computer Name = Kevin-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-03-12 13:34:04', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5520',0)
 
 
< End of report >

--- --- ---

Chris4You 12.03.2012 14:57

Hi,

nothing suspicious at first glance...

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL

:FILES
[2012.03.12 13:32:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Occ

:Commands
[Resethosts]
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

We'll see; however, several scanners (Avira, Defender, ...) are also running resident at the same time...

Combofix
Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.

Warning: In a few rare cases the computer may no longer be able to boot and has to be set up again from scratch!

Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.

The scan with Combofix can take some time, so please be patient. Please do not do anything on the computer during the scan.
The computer may be restarted in between.
After the scan finishes, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread.

chris

Kowalski1 21.03.2012 13:38

Sorry for getting back to you so late. I had the same virus on the machine again, only this time I couldn't even get in via Safe Mode; well, I somehow managed to run a System Restore.

The strange thing is that I did everything the way I was told here, surfed only in the guest account, etc.

I ran the OTL from the post above, but not Combofix yet, and honestly I don't feel that comfortable with it when there is a chance that I will have to reinstall the system, so...
Here is the OTL log:
OTL Logfile:
Code:

OTL logfile created on: 21.03.2012 13:20:38 - Run 9
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 56,08% Memory free
10,98 Gb Paging File | 9,60 Gb Available in Paging File | 87,44% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 64,30 Gb Free Space | 32,92% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 18,14 Gb Free Space | 6,71% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxbccoms.exe ( )
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\avutil-51.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\avformat-53.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\avcodec-53.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\APPLIC~1\140835~1.163\gcswf32.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
MOD - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (postgresql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (TunngleService) -- D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (DAUpdaterSvc) -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( )
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - SOFTWARE\Classes\CLSID\\LocalServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wieistmeineip.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f.2: C:\Program Files\Dyyno\Dyyno Player\npvlc.dll (Dyyno)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.30 19:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.03.20 18:17:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.24 12:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.24 12:38:08 | 000,000,000 | ---D | M]
 
[2009.01.23 17:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2012.03.01 21:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions
[2012.02.24 12:55:28 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012.02.24 12:41:16 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.26 18:52:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.24 12:57:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.23 10:42:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.01 21:17:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.14 18:45:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\moveplayer@movenetworks.com
[2009.04.20 14:36:41 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\NPDyyno@dyyno.com
[2010.10.20 19:48:50 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\vshare@toolbar
[2010.01.23 12:35:03 | 000,002,321 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\dictcc.xml
[2009.06.15 20:46:47 | 000,002,030 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\myvideo-suche-.xml
[2009.07.11 11:04:46 | 000,000,727 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\phpnet.xml
[2009.01.23 18:10:53 | 000,002,108 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\youtube-videosuche.xml
[2012.02.22 12:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.29 12:33:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.16 22:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.16 13:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1J5N9NVP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.24 12:38:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.24 12:38:07 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.24 12:38:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.24 12:38:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.24 12:38:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Dyyno Player Plugin (Enabled) = C:\Program Files\Dyyno\Dyyno Player\npvlc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2012.03.16 11:40:29 | 000,440,655 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll ( )
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DE9F9EF-8DB8-41C2-8A1F-AF77E3B8D7FB}: NameServer = 195.50.140.246 195.50.140.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E65DDC-D557-4A3C-93DC-0488FAD00A79}: DhcpNameServer = 92.241.168.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell - "" = AutoRun
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell - "" = AutoRun
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell\AutoRun\command - "" = H:\steambackup2.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.18 17:44:09 | 000,000,000 | ---D | C] -- C:\1fe23010451635abee7936bea3f0242f
[2012.03.12 13:32:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Occ
[2012.02.26 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\MAGIX Downloads
[2012.02.26 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\MAGIX
[2012.02.26 15:01:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_MX_Download-Version
[2012.02.26 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.02.26 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2012.02.26 15:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.02.26 15:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.02.26 15:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2009.01.29 19:28:27 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll
[2009.01.26 14:40:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2009.01.26 14:40:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2009.01.26 14:40:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2009.01.26 14:40:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2009.01.26 14:40:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2009.01.26 14:40:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2009.01.26 14:40:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe
[2009.01.26 14:40:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2009.01.26 14:40:49 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2009.01.26 14:40:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe
[2009.01.26 14:40:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe
[2009.01.26 14:40:49 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2009.01.26 14:40:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2009.01.26 14:40:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.21 13:22:51 | 000,025,478 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2012.03.21 13:08:18 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 13:08:18 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 11:10:31 | 000,002,623 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Word.lnk
[2012.03.21 11:10:21 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.21 11:08:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.21 11:08:10 | 3486,658,560 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.20 23:27:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.03.18 17:51:11 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2012.03.18 17:42:07 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.17 20:22:03 | 000,002,275 | ---- | M] () -- C:\Users\Kevin\Desktop\TableNinja.lnk
[2012.03.16 11:40:29 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.15 17:43:06 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120316-114029.backup
[2012.03.15 17:32:52 | 000,000,404 | ---- | M] () -- C:\Windows\LEXSTAT.INI
[2012.03.14 14:18:39 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120315-174306.backup
[2012.03.13 13:47:47 | 000,000,045 | ---- | M] () -- C:\Users\Kevin\AppData\Local\machpro.dat
[2012.03.13 13:06:08 | 000,000,844 | ---- | M] () -- C:\Users\Kevin\Desktop\HoldemManager - Verknüpfung.lnk
[2012.03.11 21:21:16 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.03.11 21:21:16 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.03.07 13:42:09 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120314-141839.backup
[2012.03.05 20:05:46 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120307-134208.backup
[2012.03.02 11:43:29 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120305-200546.backup
[2012.02.29 20:21:24 | 000,042,392 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2012.02.29 13:23:32 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120302-114328.backup
[2012.02.27 11:27:26 | 000,367,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.25 14:41:55 | 000,440,595 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120229-132332.backup
[2012.02.25 14:41:43 | 000,440,595 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120225-144155.backup
[2012.02.24 21:14:42 | 000,898,802 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120225-144143.backup
[2012.02.23 18:16:42 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 18:20:25 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.20 11:04:47 | 3486,658,560 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.18 17:51:11 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2012.03.13 13:47:47 | 000,000,045 | ---- | C] () -- C:\Users\Kevin\AppData\Local\machpro.dat
[2012.03.13 13:47:04 | 000,002,275 | ---- | C] () -- C:\Users\Kevin\Desktop\TableNinja.lnk
[2012.03.13 13:47:04 | 000,001,950 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TableNinja.lnk
[2012.03.13 13:06:22 | 000,000,844 | ---- | C] () -- C:\Users\Kevin\Desktop\HoldemManager - Verknüpfung.lnk
[2012.02.29 20:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.01 18:35:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.12 22:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.06.01 13:45:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.06.01 13:45:52 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.05.26 20:17:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.26 20:17:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.12 20:46:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.01.13 18:18:15 | 000,000,365 | ---- | C] () -- C:\Users\Kevin\AppData\Local\postgresinstall.bat
[2011.01.04 15:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 15:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 15:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 15:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 15:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010.05.26 19:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.04.28 20:31:06 | 000,000,068 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.05 18:47:36 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.02.27 13:08:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.23 16:13:27 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.01.27 20:46:45 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.29 12:32:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.23 20:40:51 | 000,000,762 | ---- | C] () -- C:\Windows\Edofma.INI
[2009.08.28 13:25:32 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.23 19:20:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.05.29 17:36:24 | 000,086,250 | ---- | C] () -- C:\Windows\wininit.ini
[2009.05.27 17:23:04 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2009.05.12 12:32:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.03.22 21:18:35 | 000,134,989 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.03.15 19:22:50 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.29 20:02:15 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat
[2009.01.29 19:28:29 | 000,000,386 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Current.prx
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2009.01.26 14:40:49 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2009.01.26 11:19:30 | 000,025,478 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2009.01.26 11:15:43 | 000,001,187 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.26 10:43:49 | 000,000,404 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2009.01.25 18:14:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.01.25 18:14:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.01.23 17:21:26 | 000,154,624 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.23 17:10:00 | 000,138,056 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys
[2009.01.23 17:09:45 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.01.23 17:09:43 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.01.23 17:09:43 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.23 15:28:26 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.23 15:28:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.23 15:04:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.01.23 15:04:23 | 000,026,082 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.01.23 15:03:13 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2008.01.21 08:15:58 | 000,699,116 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,156,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,367,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,655,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,128,292 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.25 14:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[1999.01.22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL

< End of report >

--- --- ---

Kowalski1 21.03.2012 13:39

OTL Logfile:
Code:

OTL logfile created on: 21.03.2012 13:20:38 - Run 9
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 56,08% Memory free
10,98 Gb Paging File | 9,60 Gb Available in Paging File | 87,44% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 64,30 Gb Free Space | 32,92% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 18,14 Gb Free Space | 6,71% Space Free | Partition Type: NTFS
 
Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxbccoms.exe ( )
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\avutil-51.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\avformat-53.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\avcodec-53.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\APPLIC~1\140835~1.163\gcswf32.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
MOD - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (postgresql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (TunngleService) -- D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (DAUpdaterSvc) -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( )
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - SOFTWARE\Classes\CLSID\\LocalServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wieistmeineip.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f.2: C:\Program Files\Dyyno\Dyyno Player\npvlc.dll (Dyyno)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.30 19:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.03.20 18:17:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.24 12:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.24 12:38:08 | 000,000,000 | ---D | M]
 
[2009.01.23 17:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2012.03.01 21:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions
[2012.02.24 12:55:28 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012.02.24 12:41:16 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.26 18:52:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.24 12:57:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.23 10:42:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.01 21:17:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.14 18:45:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\moveplayer@movenetworks.com
[2009.04.20 14:36:41 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\NPDyyno@dyyno.com
[2010.10.20 19:48:50 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\vshare@toolbar
[2010.01.23 12:35:03 | 000,002,321 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\dictcc.xml
[2009.06.15 20:46:47 | 000,002,030 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\myvideo-suche-.xml
[2009.07.11 11:04:46 | 000,000,727 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\phpnet.xml
[2009.01.23 18:10:53 | 000,002,108 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\youtube-videosuche.xml
[2012.02.22 12:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.29 12:33:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.16 22:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.16 13:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1J5N9NVP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.24 12:38:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.24 12:38:07 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.24 12:38:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.24 12:38:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.24 12:38:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Dyyno Player Plugin (Enabled) = C:\Program Files\Dyyno\Dyyno Player\npvlc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2012.03.16 11:40:29 | 000,440,655 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts:
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll ( )
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DE9F9EF-8DB8-41C2-8A1F-AF77E3B8D7FB}: NameServer = 195.50.140.246 195.50.140.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E65DDC-D557-4A3C-93DC-0488FAD00A79}: DhcpNameServer = 92.241.168.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell - "" = AutoRun
O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell - "" = AutoRun
O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell\AutoRun\command - "" = H:\steambackup2.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.18 17:44:09 | 000,000,000 | ---D | C] -- C:\1fe23010451635abee7936bea3f0242f
[2012.03.12 13:32:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Occ
[2012.02.26 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\MAGIX Downloads
[2012.02.26 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\MAGIX
[2012.02.26 15:01:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_MX_Download-Version
[2012.02.26 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.02.26 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2012.02.26 15:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.02.26 15:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.02.26 15:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2009.01.29 19:28:27 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll
[2009.01.26 14:40:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2009.01.26 14:40:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2009.01.26 14:40:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2009.01.26 14:40:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2009.01.26 14:40:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2009.01.26 14:40:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2009.01.26 14:40:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe
[2009.01.26 14:40:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2009.01.26 14:40:49 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2009.01.26 14:40:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe
[2009.01.26 14:40:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe
[2009.01.26 14:40:49 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2009.01.26 14:40:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2009.01.26 14:40:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.21 13:22:51 | 000,025,478 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2012.03.21 13:08:18 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 13:08:18 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 11:10:31 | 000,002,623 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Word.lnk
[2012.03.21 11:10:21 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.21 11:08:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.21 11:08:10 | 3486,658,560 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.20 23:27:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.03.18 17:51:11 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2012.03.18 17:42:07 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.17 20:22:03 | 000,002,275 | ---- | M] () -- C:\Users\Kevin\Desktop\TableNinja.lnk
[2012.03.16 11:40:29 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.15 17:43:06 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120316-114029.backup
[2012.03.15 17:32:52 | 000,000,404 | ---- | M] () -- C:\Windows\LEXSTAT.INI
[2012.03.14 14:18:39 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120315-174306.backup
[2012.03.13 13:47:47 | 000,000,045 | ---- | M] () -- C:\Users\Kevin\AppData\Local\machpro.dat
[2012.03.13 13:06:08 | 000,000,844 | ---- | M] () -- C:\Users\Kevin\Desktop\HoldemManager - Verknüpfung.lnk
[2012.03.11 21:21:16 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.03.11 21:21:16 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.03.07 13:42:09 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120314-141839.backup
[2012.03.05 20:05:46 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120307-134208.backup
[2012.03.02 11:43:29 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120305-200546.backup
[2012.02.29 20:21:24 | 000,042,392 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2012.02.29 13:23:32 | 000,440,655 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120302-114328.backup
[2012.02.27 11:27:26 | 000,367,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.25 14:41:55 | 000,440,595 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120229-132332.backup
[2012.02.25 14:41:43 | 000,440,595 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120225-144155.backup
[2012.02.24 21:14:42 | 000,898,802 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120225-144143.backup
[2012.02.23 18:16:42 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 18:20:25 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.20 11:04:47 | 3486,658,560 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.18 17:51:11 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2012.03.13 13:47:47 | 000,000,045 | ---- | C] () -- C:\Users\Kevin\AppData\Local\machpro.dat
[2012.03.13 13:47:04 | 000,002,275 | ---- | C] () -- C:\Users\Kevin\Desktop\TableNinja.lnk
[2012.03.13 13:47:04 | 000,001,950 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TableNinja.lnk
[2012.03.13 13:06:22 | 000,000,844 | ---- | C] () -- C:\Users\Kevin\Desktop\HoldemManager - Verknüpfung.lnk
[2012.02.29 20:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.01 18:35:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.12 22:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.06.01 13:45:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.06.01 13:45:52 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.05.26 20:17:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.26 20:17:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.12 20:46:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.01.13 18:18:15 | 000,000,365 | ---- | C] () -- C:\Users\Kevin\AppData\Local\postgresinstall.bat
[2011.01.04 15:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 15:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 15:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 15:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 15:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010.05.26 19:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.04.28 20:31:06 | 000,000,068 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.05 18:47:36 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.02.27 13:08:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.23 16:13:27 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.01.27 20:46:45 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.29 12:32:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.23 20:40:51 | 000,000,762 | ---- | C] () -- C:\Windows\Edofma.INI
[2009.08.28 13:25:32 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.23 19:20:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.05.29 17:36:24 | 000,086,250 | ---- | C] () -- C:\Windows\wininit.ini
[2009.05.27 17:23:04 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2009.05.12 12:32:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.03.22 21:18:35 | 000,134,989 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.03.15 19:22:50 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.29 20:02:15 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat
[2009.01.29 19:28:29 | 000,000,386 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Current.prx
[2009.01.26 14:40:49 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2009.01.26 14:40:49 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2009.01.26 11:19:30 | 000,025,478 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2009.01.26 11:15:43 | 000,001,187 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.26 10:43:49 | 000,000,404 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2009.01.25 18:14:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.01.25 18:14:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.01.23 17:21:26 | 000,154,624 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.23 17:10:00 | 000,138,056 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys
[2009.01.23 17:09:45 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.01.23 17:09:43 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.01.23 17:09:43 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.23 15:28:26 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.23 15:28:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.23 15:04:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.01.23 15:04:23 | 000,026,082 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.01.23 15:03:13 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2008.01.21 08:15:58 | 000,699,116 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,156,440 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,367,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,655,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,128,292 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.25 14:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[1999.01.22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL

< End of report >

--- --- ---

Chris4You 21.03.2012 16:57

Hi,

they must have found something new, or you surfed to the same site that is spreading this thing.

Please run the OTL script as indicated (copy it in under Custom Scans/Fixes and click Run fixes)... post the log (see above)...

Before Combofix, please run this:
OSAM
Checks programs/drivers that are started, online.
Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread.

Then please run Combofix... post the log (in general nothing happens)...

Chris

Kowalski1 21.03.2012 18:05

Code:


All processes killed
========== OTL ==========
========== FILES ==========
File\Folder [2012.03.12 13:32:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Occ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kevin
->Temp folder emptied: 47861993 bytes
->Temporary Internet Files folder emptied: 4742071 bytes
->Java cache emptied: 79584 bytes
->FireFox cache emptied: 50542470 bytes
->Google Chrome cache emptied: 19039371 bytes
->Flash cache emptied: 3052 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: x
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77464 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 117,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 03212012_174245

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:04:08 on 21.03.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
"viahdcpl.cpl" - "VIA Technologies, Inc" - C:\Windows\system32\viahdcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PnkBstrK" (PnkBstrK) - ? - C:\Windows\system32\drivers\PnkBstrK.sys  (File found, but it contains no detailed information)
"sptd" (sptd) - ? - C:\Windows\System32\Drivers\sptd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TAP-Win32 Adapter V8" (tap0801) - "The OpenVPN Project" - C:\Windows\System32\DRIVERS\tap0801.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\Windows\system32\erasext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office\MLSHEXT.DLL
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google Toolbar" - ? - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll  (File found, but it contains no detailed information)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll /
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"InterVideo WinCinema Manager.lnk" - ? - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"InterVideo WinCinema Manager.lnk" - ? - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HDAudDeck" - "VIA" - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
"NeroCheck" - "Ahead Software Gmbh" - C:\Windows\system32\NeroCheck.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
"WinPatrol" - "BillP Studios" - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"XboxStat" - "Microsoft Corporation" - "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Windows\System32\TuneUpDefragService.exe
"@%SystemRoot%\System32\TUProgSt.exe,-1" (TuneUp.ProgramStatisticsSvc) - "TuneUp Software" - C:\Windows\System32\TUProgSt.exe
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9cbf99ade7883)" (gupdate1c9cbf99ade7883) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\OpenVPN\bin\openvpnserv.exe  (File found, but it contains no detailed information)
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"postgresql-8.4 - PostgreSQL Server 8.4" (postgresql-8.4) - "PostgreSQL Global Development Group" - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"TunngleService" (TunngleService) - "Tunngle.net GmbH" - D:\Program Files\Tunngle\TnglCtrl.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"Proxifier NSP" - " " - C:\Windows\system32\PrxerNsp.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PROXIFIER LSP" - "Initex Software" - C:\Windows\system32\PrxerDrv.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Chris4You 21.03.2012 20:05

Hi,

Run CF and post the log...
OSAM looks clean....

Instead of CF, this:
Hitman

Download the matching version of Hitman (32/64-bit), run it and post the log.
ATTENTION: the firewall must be open for Hitman (be sure to allow access!)
http://filepony.de/?q=hitman

chris

Kowalski1 22.03.2012 18:21

I ran it, but it didn't give me a log, or rather I didn't find anything.
It found a few things and deleted them, I think they were only cookies...

Chris4You 22.03.2012 21:16

Hi,
nothing to be found, what is the computer doing?
chris

Kowalski1 24.03.2012 12:42

Hey,
well, everything is actually running as usual, the computer just seems a bit slower to me, but that could also be my imagination.

Chris4You 24.03.2012 19:57

Hi,

now and then a defrag helps, including of certain parts of Windows...
Defraggler and CCleaner
Besides defragmenting the hard disk, also (Defraggler): Settings->Boot time defrag->next time...

chris


All times are in WET +1.