Internet Explorer slow, recently had a virus/spyware

#0
30.05.2010, 13:56
Member

Posts: 13
#1 Hi @ll,

Recently I apparently had a virus/trojan, the devil knows what. A supposed antivirus program installed itself and would no longer let me start any file. I was always told that the program in question was infected. So I ran a System Restore just to be able to start a program at all again. After that I scanned everything with AntiVir and Spyware Doctor and removed all infections. Everything was okay up to that point, but for a few days now my Internet Explorer (version 8) has been strangely slow.

That's why I checked everything with Malwarebytes, GMER and HJT, and I would ask you to look through the following logs to see whether there is anything conspicuous in them.

My OS is Win Vista x64.

Many thanks in advance

Greetz

--------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4155

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

30.05.2010 13:29:10
mbam-log-2010-05-30 (13-29-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140375
Laufzeit: 4 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\BOSS\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.







GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-30 13:46:51
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB8 0xFE 0xC3 0x85 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC5 0x49 0x98 0xE0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1D 0xD3 0x00 0xD1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x75 0x89 0x43 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC5 0x49 0x98 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x09 0x3D 0xCE 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x75 0x89 0x43 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC5 0x49 0x98 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x09 0x3D 0xCE 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x75 0x89 0x43 0x46 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC5 0x49 0x98 0xE0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x09 0x3D 0xCE 0x84 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

---- EOF - GMER 1.0.15 ----











Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:49:02, on 30.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\brsvc01a.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\SysWOW64\brss01a.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Users\BOSS\Documents\Desktop\HJT.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.economist.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -HPW
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpeedFan] C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker\RunApp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\SysWOW64\brsvc01a.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13794 bytes
30.05.2010, 14:10
Member

Posts: 3716
#2 Please post the combofix log
http://board.protecus.de/t23187.htm
30.05.2010, 14:15
Member

Thread starter

Posts: 13
#3 Hey, I tried it, but Combofix apparently only works with a 32-bit OS?! What now?
30.05.2010, 14:31
Member

Posts: 3716
#4 *slaps forehead*
I had overlooked that.

System scan with OTL
Download OTL:
http://oldtimer.geekstogo.com/OTL.exe
Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "run Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both.
30.05.2010, 14:51
Member

Thread starter

Posts: 13
#5 OTL logfile created on: 30.05.2010 14:35:09 - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Users\BOSS\Documents\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 72,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,10 Gb Total Space | 19,12 Gb Free Space | 24,17% Space Free | Partition Type: NTFS
Drive D: | 200,36 Gb Total Space | 104,77 Gb Free Space | 52,29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UEBERFETT
Current User Name: BOSS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\BOSS\Documents\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\PROGRAM FILES (X86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe ()
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
PRC - C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Windows\SysWOW64\brss01a.exe (brother Industries Ltd)
PRC - C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\BOSS\Documents\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\SysNative\TUProgSt.exe (TuneUp Software)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe ()
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe ()
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (UMPass) -- C:\Windows\SysNative\DRIVERS\umpass.sys (Microsoft Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys (Brother Industries Ltd.)
DRV - (PCTCore) -- C:\Windows\SysWOW64\drivers\pctcore.cat ()
DRV - (CSC) -- C:\Windows\CSC [2008.06.06 23:13:55 | 000,000,000 | ---D | M]
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (truecrypt) -- C:\Windows\SysWOW64\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ET5Drv) -- C:\Windows\ET5Drv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVidia Corp.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-661538205-1682786210-248367515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.economist.com/
IE - HKU\S-1-5-21-661538205-1682786210-248367515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-661538205-1682786210-248367515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.n-tv.de/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.03 15:34:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\PROGRAM FILES (X86)\Mozilla Firefox\components [2010.04.08 00:22:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\PROGRAM FILES (X86)\Mozilla Firefox\plugins [2010.05.05 12:48:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.03 15:34:33 | 000,000,000 | ---D | M]

[2009.05.17 20:03:49 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\mozilla\Extensions
[2010.05.29 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\mozilla\Firefox\Profiles\3gsdvxe1.default\extensions
[2010.05.05 20:16:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BOSS\AppData\Roaming\mozilla\Firefox\Profiles\3gsdvxe1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.20 00:53:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.23 02:38:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.23 02:38:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.23 02:38:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.23 02:38:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.23 02:38:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DT HPW] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-661538205-1682786210-248367515-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-661538205-1682786210-248367515-1000..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKU\S-1-5-21-661538205-1682786210-248367515-1000..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-661538205-1682786210-248367515-1000..\Run: [SpeedFan] C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..Trusted Ranges: Range30 (• in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1223210899093&h=0bfbe9ced5904bfbcbc4e265699e7336/&filename=jinstall-6u7-windows-i586-jc.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\PROGRA~2\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\PROGRA~2\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\PROGRA~2\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\BOSS\Pictures\computer_0084.jpg
O24 - Desktop BackupWallPaper: C:\Users\BOSS\Pictures\computer_0084.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{63ebcd0e-34d9-11dd-ba82-001d7d07e34b}\Shell - "" = AutoRun
O33 - MountPoints2\{63ebcd0e-34d9-11dd-ba82-001d7d07e34b}\Shell\AutoRun\command - "" = F:\start.exe -- File not found
O33 - MountPoints2\{8bfd3024-bc12-11de-8da6-001d7d07e34b}\Shell - "" = AutoRun
O33 - MountPoints2\{8bfd3024-bc12-11de-8da6-001d7d07e34b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9ea56cec-2431-11de-b797-001d7d07e34b}\Shell - "" = AutoRun
O33 - MountPoints2\{9ea56cec-2431-11de-b797-001d7d07e34b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008.01.21 05:05:52 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008.01.21 05:07:48 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - C:\Windows\SysNative\frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.05.30 14:32:24 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\BOSS\Documents\Desktop\OTL.exe
[2010.05.30 14:13:55 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.05.30 13:28:51 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Desktop\malware
[2010.05.30 13:25:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\BOSS\Documents\Desktop\HJT.exe
[2010.05.30 13:21:23 | 000,000,000 | ---D | C] -- C:\Users\BOSS\AppData\Roaming\Malwarebytes
[2010.05.30 13:21:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.30 13:21:14 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.30 13:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.30 13:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.30 01:18:20 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Desktop\Daybreakers.2009.BDRip.Line.Dubbed.German.XviD-XCOPY
[2010.05.29 17:59:59 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Desktop\DLC - Futurama
[2010.05.28 14:44:19 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Desktop\Defari - 2003 - Odds & Evens (320)
[2010.05.26 17:59:00 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Desktop\Bilder_Ebay
[2010.05.20 00:35:16 | 000,000,000 | ---D | C] -- C:\Users\BOSS\AppData\Local\Threat Expert
[2010.05.20 00:32:34 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\pctwfpfilter.sys
[2010.05.20 00:32:33 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\pctgntdi.sys
[2010.05.20 00:32:33 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\pctplsg.sys
[2010.05.20 00:32:32 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTCore.sys
[2010.05.20 00:32:32 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTAppEvent.sys
[2010.05.20 00:20:51 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.05.20 00:20:51 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.05.20 00:20:51 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.05.20 00:18:51 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010.05.20 00:18:51 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010.05.20 00:18:50 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010.05.20 00:18:47 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010.05.20 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010.05.20 00:18:37 | 000,000,000 | ---D | C] -- C:\Users\BOSS\AppData\Roaming\PC Tools
[2010.05.20 00:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.05.20 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010.05.16 14:58:28 | 000,000,000 | R--D | C] -- C:\Users\BOSS\Documents\Desktop\Dogg Pound - Dogg Food (Digitally Remastered) (1995)
[2010.05.03 18:34:21 | 000,000,000 | ---D | C] -- C:\Users\BOSS\AppData\Roaming\abgx360
[2010.05.03 18:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\abgx360
[2010.05.03 16:00:38 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Ovi
[2010.05.03 15:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010.05.03 15:34:20 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010.05.03 15:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.05.03 15:02:46 | 000,042,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2010.05.03 15:01:34 | 000,000,000 | ---D | C] -- C:\Users\BOSS\AppData\Local\NokiaAccount
[2010.05.03 14:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\OviInstallerCache
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.05.30 14:35:48 | 003,932,160 | ---- | M] () -- C:\Users\BOSS\ntuser.dat
[2010.05.30 14:32:28 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\BOSS\Documents\Desktop\OTL.exe
[2010.05.30 14:00:01 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.05.30 13:46:18 | 000,052,592 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.05.30 13:36:04 | 001,665,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.30 13:36:04 | 000,714,572 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.30 13:36:04 | 000,659,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.30 13:36:04 | 000,162,160 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.30 13:36:04 | 000,133,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.30 13:31:41 | 000,052,592 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.30 13:31:08 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.30 13:31:08 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.30 13:31:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.30 13:31:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.30 13:29:44 | 000,524,288 | -HS- | M] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TMContainer00000000000000000001.regtrans-ms
[2010.05.30 13:29:44 | 000,065,536 | -HS- | M] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TM.blf
[2010.05.30 13:29:43 | 002,591,261 | -H-- | M] () -- C:\Users\BOSS\AppData\Local\IconCache.db
[2010.05.30 13:25:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\BOSS\Documents\Desktop\HJT.exe
[2010.05.30 13:25:23 | 000,293,376 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\gmer.exe
[2010.05.30 03:28:32 | 000,207,360 | ---- | M] () -- C:\Users\BOSS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.29 20:07:37 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5B62B8F-D0A9-4B48-8BEB-AF7509AF207C}.job
[2010.05.29 19:55:48 | 102,746,234 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\slum_village_-_fantastic_vol._1.rar
[2010.05.28 22:42:30 | 000,002,864 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\aherilaf.dlc
[2010.05.28 14:39:53 | 035,522,204 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\DBCS.rar
[2010.05.26 20:43:37 | 000,000,004 | ---- | M] () -- C:\Users\BOSS\AppData\Roaming\ovczpx.dat
[2010.05.21 14:03:00 | 001,269,862 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\21052010039.jpg
[2010.05.21 14:02:18 | 001,396,307 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\21052010037.jpg
[2010.05.21 14:01:36 | 001,366,393 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\21052010035.jpg
[2010.05.20 02:52:41 | 000,524,288 | -HS- | M] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TMContainer00000000000000000002.regtrans-ms
[2010.05.20 00:32:34 | 000,100,136 | ---- | M] (PC Tools) -- C:\Windows\SysWow64\drivers\pctwfpfilter.sys
[2010.05.20 00:32:33 | 000,233,136 | ---- | M] (PC Tools) -- C:\Windows\SysWow64\drivers\pctgntdi.sys
[2010.05.20 00:32:33 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\SysWow64\drivers\pctplsg.sys
[2010.05.20 00:32:33 | 000,007,387 | ---- | M] () -- C:\Windows\SysWow64\drivers\pctgntdi.cat
[2010.05.20 00:32:33 | 000,007,383 | ---- | M] () -- C:\Windows\SysWow64\drivers\pctplsg.cat
[2010.05.20 00:32:32 | 000,218,592 | ---- | M] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTCore.sys
[2010.05.20 00:32:32 | 000,088,040 | ---- | M] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTAppEvent.sys
[2010.05.20 00:32:32 | 000,007,412 | ---- | M] () -- C:\Windows\SysWow64\drivers\PCTAppEvent.cat
[2010.05.20 00:32:32 | 000,007,383 | ---- | M] () -- C:\Windows\SysWow64\drivers\pctcore.cat
[2010.05.20 00:17:59 | 038,204,720 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\Spyware_Doctor_2010_7.0.0.545_retail_incl_key_crack.rar
[2010.05.19 22:37:18 | 000,524,288 | -HS- | M] () -- C:\Users\BOSS\ntuser.dat{c375656c-9990-11de-b47d-001d7d07e34b}.TMContainer00000000000000000001.regtrans-ms
[2010.05.19 22:37:18 | 000,065,536 | -HS- | M] () -- C:\Users\BOSS\ntuser.dat{c375656c-9990-11de-b47d-001d7d07e34b}.TM.blf
[2010.05.19 17:54:43 | 000,002,864 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\suyase.dlc
[2010.05.18 21:37:23 | 000,011,052 | ---- | M] () -- C:\Users\BOSS\Documents\pfd.xlsx
[2010.05.05 00:30:24 | 128,005,688 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\0ptimus-ipman-xvidrp-a.mp4
[2010.05.04 21:55:50 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.05.03 18:35:16 | 000,002,880 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010.05.03 15:31:44 | 000,105,640 | ---- | M] () -- C:\Users\BOSS\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.03 15:31:05 | 000,387,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.03 15:02:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.05.03 15:02:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.05.30 13:25:22 | 000,293,376 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\gmer.exe
[2010.05.29 19:55:46 | 102,746,234 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\slum_village_-_fantastic_vol._1.rar
[2010.05.28 22:42:29 | 000,002,864 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\aherilaf.dlc
[2010.05.28 14:39:52 | 035,522,204 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\DBCS.rar
[2010.05.26 20:43:37 | 000,000,004 | ---- | C] () -- C:\Users\BOSS\AppData\Roaming\ovczpx.dat
[2010.05.26 17:55:50 | 001,396,307 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\21052010037.jpg
[2010.05.26 17:55:50 | 001,366,393 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\21052010035.jpg
[2010.05.26 17:55:48 | 001,269,862 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\21052010039.jpg
[2010.05.20 00:32:33 | 000,007,387 | ---- | C] () -- C:\Windows\SysWow64\drivers\pctgntdi.cat
[2010.05.20 00:32:33 | 000,007,383 | ---- | C] () -- C:\Windows\SysWow64\drivers\pctplsg.cat
[2010.05.20 00:32:32 | 000,007,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\PCTAppEvent.cat
[2010.05.20 00:32:32 | 000,007,383 | ---- | C] () -- C:\Windows\SysWow64\drivers\pctcore.cat
[2010.05.20 00:20:51 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.05.20 00:20:51 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.05.20 00:20:51 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.05.20 00:20:51 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.05.20 00:20:51 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.05.20 00:18:51 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010.05.20 00:18:50 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010.05.20 00:18:47 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010.05.20 00:18:39 | 000,010,662 | ---- | C] () -- C:\Users\BOSS\AppData\Local\dd_vcredistUI3205.txt
[2010.05.20 00:18:38 | 000,354,782 | ---- | C] () -- C:\Users\BOSS\AppData\Local\dd_vcredistMSI3201.txt
[2010.05.20 00:18:38 | 000,011,154 | ---- | C] () -- C:\Users\BOSS\AppData\Local\dd_vcredistUI3201.txt
[2010.05.19 23:52:44 | 038,204,720 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\Spyware_Doctor_2010_7.0.0.545_retail_incl_key_crack.rar
[2010.05.19 22:39:41 | 000,524,288 | -HS- | C] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TMContainer00000000000000000002.regtrans-ms
[2010.05.19 22:39:41 | 000,524,288 | -HS- | C] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TMContainer00000000000000000001.regtrans-ms
[2010.05.19 22:39:41 | 000,065,536 | -HS- | C] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TM.blf
[2010.05.19 17:54:43 | 000,002,864 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\suyase.dlc
[2010.05.14 22:40:01 | 000,011,052 | ---- | C] () -- C:\Users\BOSS\Documents\pfd.xlsx
[2010.05.05 00:30:22 | 128,005,688 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\0ptimus-ipman-xvidrp-a.mp4
[2010.05.03 15:02:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.05.03 15:02:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010.05.03 15:02:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2009.07.07 02:48:21 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.06.03 14:10:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.03 14:10:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2008.09.07 19:15:51 | 000,000,279 | ---- | C] () -- C:\Windows\game.ini
[2008.07.19 01:05:51 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2008.07.19 01:05:49 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.07.19 01:05:49 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.07.19 01:05:48 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008.07.19 01:05:48 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008.07.13 23:19:28 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2008.07.13 23:19:27 | 000,000,478 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.07.13 23:19:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.07.13 23:18:03 | 000,000,364 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008.07.13 23:18:03 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008.07.13 23:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2008.07.13 23:17:12 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008.06.24 21:10:56 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2008.06.08 01:38:58 | 001,694,870 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.06.06 17:32:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.01.21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.03.12 13:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006.08.16 16:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.05.03 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\abgx360
[2009.07.06 21:30:46 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Audacity
[2009.11.20 04:39:26 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\BayCalculator
[2008.06.08 19:44:05 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008.07.11 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\DisplayTune
[2008.11.16 14:07:28 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\FRITZ!
[2008.12.03 01:36:35 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\GrabIt
[2008.10.06 00:58:06 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\ImgBurn
[2009.02.17 05:38:06 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Newsbin
[2008.12.03 01:54:05 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\NewsLeecher
[2010.05.03 15:03:39 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nokia
[2009.12.11 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nseries
[2009.09.02 00:55:23 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nuance
[2010.05.03 16:00:16 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PC Suite
[2009.11.13 22:46:36 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PC-FAX TX
[2009.04.08 02:22:45 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PeerNetworking
[2008.12.01 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Red Alert 3
[2009.09.11 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TeamViewer
[2008.06.06 18:23:03 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TrueCrypt
[2009.09.04 22:32:35 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TuneUp Software
[2009.07.16 02:59:00 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Ubisoft
[2009.09.02 00:54:32 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Zeon
[2010.05.30 14:00:01 | 000,000,534 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.05.30 13:29:46 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.05.29 20:07:37 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B5B62B8F-D0A9-4B48-8BEB-AF7509AF207C}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010.05.03 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\abgx360
[2010.03.08 20:12:16 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Adobe
[2008.06.15 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Ahead
[2008.01.01 12:44:32 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\ATI
[2009.07.06 21:30:46 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Audacity
[2010.03.25 17:04:12 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Avira
[2009.11.20 04:39:26 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\BayCalculator
[2008.07.13 23:20:22 | 000,000,000 | R--D | M] -- C:\Users\BOSS\AppData\Roaming\Brother
[2008.06.08 19:44:05 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008.06.06 21:03:22 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Corel
[2008.07.11 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\DisplayTune
[2010.03.16 23:55:25 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\DivX
[2008.11.16 14:07:28 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\FRITZ!
[2008.12.03 01:36:35 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\GrabIt
[2008.06.06 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Identities
[2008.10.06 00:58:06 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\ImgBurn
[2008.06.06 17:42:40 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\InstallShield
[2008.06.06 18:54:04 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Macromedia
[2010.05.30 13:21:23 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Malwarebytes
[2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Media Center Programs
[2009.04.01 01:05:34 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Media Player Classic
[2010.05.03 15:28:51 | 000,000,000 | --SD | M] -- C:\Users\BOSS\AppData\Roaming\Microsoft
[2010.05.20 20:06:52 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\mIRC
[2009.05.17 20:03:49 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Mozilla
[2009.02.17 05:38:06 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Newsbin
[2008.12.03 01:54:05 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\NewsLeecher
[2010.05.03 15:03:39 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nokia
[2009.12.11 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nseries
[2009.09.02 00:55:23 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nuance
[2010.05.03 16:00:16 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PC Suite
[2010.05.20 00:18:37 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PC Tools
[2009.11.13 22:46:36 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PC-FAX TX
[2009.04.08 02:22:45 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PeerNetworking
[2009.09.04 23:18:45 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Real
[2008.12.01 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Red Alert 3
[2008.06.08 01:09:39 | 000,000,000 | RH-D | M] -- C:\Users\BOSS\AppData\Roaming\SecuROM
[2009.09.11 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TeamViewer
[2008.06.06 18:23:03 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TrueCrypt
[2009.09.04 22:32:35 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TuneUp Software
[2009.09.03 03:16:46 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\U3
[2009.07.16 02:59:00 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Ubisoft
[2008.12.12 01:41:43 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\vlc
[2008.06.06 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\WinRAR
[2009.09.02 00:54:32 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Zeon

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2009.05.29 15:04:20 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\BOSS\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.03.23 23:33:51 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\BOSS\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.06.03 18:30:47 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
[2009.03.29 21:44:00 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
[2009.04.14 17:34:11 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe
[2009.04.22 17:34:11 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe
[2009.05.03 18:30:38 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
[2009.05.15 18:30:39 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
[2009.05.27 18:30:43 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
[2009.06.03 18:30:47 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg6\RealPlayer11.exe
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\BOSS\AppData\Roaming\U3\temp\cleanup.exe
[2007.10.23 10:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Users\BOSS\AppData\Roaming\U3\temp\Launchpad Removal.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008.01.21 04:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008.01.21 04:45:58 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2008.01.21 04:46:07 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008.01.21 04:50:06 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2008.01.21 04:46:02 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008.01.21 04:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:48:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008.01.21 04:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:48:49 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

[color=#A23BEC]< MD5 for: WS2IFSL.SYS >[/color]
[2008.01.21 04:48:44 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:527B6DAD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:425D0709
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
30.05.2010, 14:52
Member

Thread starter

Posts: 13
#6 OTL Extras logfile created on: 30.05.2010 14:35:09 - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Users\BOSS\Documents\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 72,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,10 Gb Total Space | 19,12 Gb Free Space | 24,17% Space Free | Partition Type: NTFS
Drive D: | 200,36 Gb Total Space | 104,77 Gb Free Space | 52,29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UEBERFETT
Current User Name: BOSS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-661538205-1682786210-248367515-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRAM FILES (X86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 94 19 4F 18 47 E4 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0393487B-2985-47E2-9B0D-8B467EEEF546}" = lport=10244 | protocol=6 | dir=in | app=system |
"{048005A4-A722-4691-8B26-CBBA3AB68334}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BA6DAA7-FB70-493B-9D0B-8CD48F81C4D6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{13C4878E-728E-4875-A598-EA0412FDE540}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{214915B3-1507-41F5-A956-28933010B271}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2281DF12-B81D-422A-B23D-268683E6EF70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23345C7D-8D94-4659-BE22-D531F568D9A7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2C7DC72F-01AB-46CC-88CC-84421D2B95B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35BCA26A-97F1-4746-ADF1-F9D12E2A56B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{360D0B0F-8755-4668-97D9-84C5FE17C825}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38B56CA1-FC2F-4672-9A38-2BA7F5A20661}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BA5DAE1-DCDA-451D-9DA6-48D283B56E34}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41A7E383-816B-4B70-A203-B5A3AB8176E8}" = rport=10244 | protocol=6 | dir=out | app=system |
"{47BDBF77-30AB-40F3-9610-79E62FE20C0A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5347F7C2-7737-4DA0-A3B9-8A5FDA03E659}" = lport=10244 | protocol=6 | dir=in | app=system |
"{55B570E1-4580-4923-8ECD-E84A9E8A2D26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B94AD52-1D10-4444-ABF4-915C0B7A2434}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CB00760-9332-4399-A5A2-21468FE6A4D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7856E26A-4DB2-4B70-A457-3288A176982A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CF24E56-ED69-469C-8D1C-18137470706E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E55DE8C-8841-4ED7-8ED1-F91F5964C097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EC20CD5-30F7-4566-9CBA-34A3CFB78058}" = lport=2869 | protocol=6 | dir=in | app=system |
"{834FD472-58F0-4906-B70D-7FCC1E38C42A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89D4E30F-6803-45EE-B847-2527A7480916}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8AF35F6C-92AA-45BC-B1D8-36804A8B1096}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B80E309-F058-43AF-8C86-BC7FA787DD91}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8C05DE7F-CC12-4DE1-8780-05AFA4EFE003}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C4EAA66-A384-41A1-9025-AE58AECC1BEE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8CC5E867-4C4B-49BA-A2D3-3605251E3B0E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A1A3FD92-DB19-44E5-B2B0-C24C39A7BB65}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A2BA3566-C2D4-4989-A0AE-487E148FB62F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A711FAF5-6B91-4C7F-AFBB-8DEF2768BA74}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{ADCC2AF9-597B-451D-9929-3CDB04BCE145}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AE4028D2-0E5A-42F1-92FF-AA6CE458CC4D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B38E7DFF-C082-4834-A1D8-961157954053}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C4366141-A221-4D9C-859E-0A060EA9C624}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D79DB963-E4F5-436E-8BDE-A8508B9BEB20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC0A11BD-8C24-46AA-88EB-9381131828D8}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE896F9A-C657-49F9-BC9A-57BBCDC02929}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAD202F2-D224-4DFC-8800-363B094DD1FD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC11CB24-1FAA-43AB-B58A-C453E2C819E2}" = lport=3390 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068F7A0B-F1C8-43AC-A1F4-7675FAD7EC5B}" = protocol=6 | dir=in | app=d:\games\crysis\bin64\crysisdedicatedserver.exe |
"{0EEB2CD0-42B6-45A2-A2DF-E1FF633F7CBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{12A28F64-A6A3-4000-8203-5403366630D3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{169C4E59-BED0-49ED-A401-999B05EF7DF0}" = protocol=6 | dir=out | app=system |
"{28D24DB5-F1AD-4ABB-9E79-7EA1FEA903D9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{2DDD72AA-DF4E-4053-B2B2-6384F0B6627E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3165DD8B-8E9C-4956-990B-ADAADCC42190}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{324FFA25-B69A-43F9-B93F-739182EAE848}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CA1D176-81A0-4BA6-9A48-73DE0C4D2F67}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3FB308A3-FBA7-4374-B720-D08CFF1FCD3E}" = protocol=17 | dir=in | app=d:\games\cod4\iw3mp.exe |
"{447A5A50-CED7-4AFE-952F-4004DC56CCE3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{49305790-BB2A-4E5D-ACD1-2EBEE14FB8BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AE860D1-F804-405E-A3C7-8E06263FF6FE}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{4C9392DA-5EBA-4EE8-8B2A-A655DE4DFC82}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{52480A6D-2C5F-4A3F-8CC2-344E74D6F9A4}" = protocol=6 | dir=in | app=d:\games\crysis\bin32\crysis.exe |
"{52D922B2-A02E-42F6-AAD6-6FA8131E534C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{61334954-6714-4175-BD1A-9B44760C1363}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{619FA81C-31D6-4546-AFCC-10F2A72231A9}" = protocol=17 | dir=in | app=c:\program files (x86)\d-link\d-link wireless n dwa-140\airncfg.exe |
"{6E4FDB91-AC24-4E55-A6A9-6E4FE4B606C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{746E3C80-6E58-4C47-BACA-92B0A6D57371}" = protocol=6 | dir=in | app=d:\games\cod4\iw3mp.exe |
"{7B9CA5FA-8302-4D34-B09B-8872DA4FCB7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E83F09E-0187-4F96-B721-20684D6036E0}" = protocol=17 | dir=in | app=d:\games\crysis\bin32\crysis.exe |
"{8577BE3B-B8B8-4DD4-9064-F148E8DEEFF5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8B656B71-3C26-448A-8501-E7A5E142BDA4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{966BA6C8-5FF4-43DE-8F4D-81FD7CD94DC2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{96F3FB3E-884C-43F5-A694-6C62BF222717}" = protocol=6 | dir=in | app=d:\games\crysis\bin32\crysisdedicatedserver.exe |
"{A1A9023D-70DA-436E-B669-4AFA0ECBC6AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5A99F7B-B06C-4AAA-BA86-9593EEA6695B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AAE0F864-1458-48D8-B968-B6034533AA31}" = protocol=17 | dir=in | app=d:\games\crysis\bin64\crysis.exe |
"{B118268E-9BD7-4C6A-BCCD-263E30ED6F18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B2055123-BD1D-4314-8E5C-54C701DBA929}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6270784-9B7B-4CB4-8D0A-31F4D75C9800}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{B73DAB92-54E9-4C6E-92F6-D766799626DD}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C7DB7B63-6518-48DA-9350-18550A31BDFC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C857A8A0-CBCA-4EC2-A626-C283694898F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA280EAE-8658-4149-AD42-2DD96A21D933}" = protocol=6 | dir=in | app=c:\program files (x86)\d-link\d-link wireless n dwa-140\airncfg.exe |
"{CEC02F8D-4873-4C93-8835-FB0A6FF36B66}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CFA75DAB-52E9-4368-8D2C-B1F4ACAA44CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3AF9042-E125-4EB2-9F7F-6FC1953DC251}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4B9637F-4482-418F-9A03-85B5F9690E71}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D4FB0A9B-4E2B-455D-ACCE-3CB90DF186CD}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D7B441D3-9A24-49DE-B5D9-99D9A9455AFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0BDEAD6-25B1-47EA-BB55-74AF086DF027}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1EBA9F5-348A-4BCD-9947-82C0582C8D2E}" = protocol=17 | dir=in | app=d:\games\crysis\bin32\crysisdedicatedserver.exe |
"{F8661F38-0B7B-4C4D-A5B4-2CA01D04BF69}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FD8F4367-B8A8-4294-88C6-EA940726E3EE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FE1063A1-3FB6-4A11-80C6-7476ACED073B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{FF6062CB-2705-4FCC-9490-A7476089F181}" = protocol=17 | dir=in | app=d:\games\crysis\bin64\crysisdedicatedserver.exe |
"{FF83A3C0-1315-40F8-8F08-FF09BCF9D7B8}" = protocol=6 | dir=in | app=d:\games\crysis\bin64\crysis.exe |
"{FFB22D27-1380-4803-960D-AEB684BD4683}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat |
"TCP Query User{100A939F-7488-44CA-98D5-2EFED2933244}D:\games\command and conquer\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=d:\games\command and conquer\retailexe\1.9\cnc3game.dat |
"TCP Query User{141EC7E4-1333-4481-B6A8-444EDCAD801C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{1F94457F-53CC-4B49-BD96-3A19983EF862}X:\002 -=appz=-\soulseek.156c\soulseek\slsk.exe" = protocol=6 | dir=in | app=x:\002 -=appz=-\soulseek.156c\soulseek\slsk.exe |
"TCP Query User{215EF371-2BD8-41FA-B729-1933E2EC5006}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{34F4A029-2C26-44C0-8887-5B929C752E1D}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe |
"TCP Query User{3AEA849E-69FE-4747-8176-FFB6D2038C7A}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{3BD30F37-FEFF-45BF-B18A-925AE2B61575}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{50EFA9AF-2B2C-4A75-80C0-7E41BA998B02}C:\program files (x86)\gigabyte\gest\run.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gest\run.exe |
"TCP Query User{57464D60-D2FA-4DC3-83B5-B990AF885075}X:\candisoft_load!_0.5.2\load.exe" = protocol=6 | dir=in | app=x:\candisoft_load!_0.5.2\load.exe |
"TCP Query User{6BBFDD6A-F365-4FC4-87F2-B286703D4E0B}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{6CFDEFB1-3233-4647-AF93-B86345962F1B}D:\games\alarmstufe rot 3\data\ra3_1.4.game" = protocol=6 | dir=in | app=d:\games\alarmstufe rot 3\data\ra3_1.4.game |
"TCP Query User{72859AA6-2B87-4787-8EF0-D34C0CB6D6B7}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{865AAC32-8DB2-499B-B57E-18335D5A82B3}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{868049AC-3818-46F3-B7CE-D7A6943F01EA}D:\games\command and conquer\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=d:\games\command and conquer\retailexe\1.9\cnc3game.dat |
"TCP Query User{88E32CAF-2838-4FDF-A3A2-1580AD04B0C1}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{8E9AD843-5B13-4C90-8238-BA46F1657F83}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{AEBE9A0F-F357-422C-9FC4-71122B2FAE78}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{BD679648-AECC-4F5E-BCBE-6C6B750709B9}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{CAF6157C-3E93-4EF0-82C3-7AEA96B83BF6}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{DDA296B8-802E-4C42-BC0B-48ABC75CC0BC}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe |
"TCP Query User{DEF9D727-A19A-46E1-9821-4B667AAFE7A7}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{E22CBDD7-FF5E-4FD7-8FF5-C8CC4DD4180E}C:\program files (x86)\java\jre1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\java.exe |
"TCP Query User{F1836E82-1472-477B-84F8-6447446ABA85}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"TCP Query User{F92F13E3-680B-486E-BD26-5B25B5473D4C}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"UDP Query User{04780A42-9353-4FE1-AA56-0910C411246D}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{05E62A6C-7124-49B2-84A4-6E3B3541DAD1}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe |
"UDP Query User{1C24C7A7-CBAF-4CCB-B0AF-51C886B4D948}C:\program files (x86)\gigabyte\gest\run.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gest\run.exe |
"UDP Query User{205B27CA-C462-44CF-9679-F9668EA7DC58}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe |
"UDP Query User{2AA0BD7B-1595-4E4E-B667-38308142B87C}D:\games\command and conquer\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=d:\games\command and conquer\retailexe\1.9\cnc3game.dat |
"UDP Query User{2AE6C66B-9FCE-43C6-AA26-7E5EB90FA18B}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"UDP Query User{3B2B72DF-3216-4E3A-8B8D-A41FCEDABDE6}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"UDP Query User{3F15F119-ECFF-4775-9333-7CC23BFBA852}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{4C69F9D2-6427-4E5F-9961-E0979FF773D8}D:\games\alarmstufe rot 3\data\ra3_1.4.game" = protocol=17 | dir=in | app=d:\games\alarmstufe rot 3\data\ra3_1.4.game |
"UDP Query User{529F19C8-C91C-4E8E-9825-6C203CA56EBE}D:\games\command and conquer\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=d:\games\command and conquer\retailexe\1.9\cnc3game.dat |
"UDP Query User{549FAB65-4F16-4B74-9D0A-7C7C2C03839A}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{7C999D2A-7241-41C0-BC56-7EC239E6A967}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{7ECB043B-1AE6-4CE3-B996-D55578410E53}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{8FA68DA9-C3A7-4A24-A6A5-EA02DE1914F7}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{9270D73E-5EC8-471F-9C1A-1B783AF14E47}C:\program files (x86)\java\jre1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\java.exe |
"UDP Query User{9348544B-4E84-4F7E-8539-C0AEC8C21321}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{96F87E7B-91A1-4076-95FF-423E745DDE21}X:\002 -=appz=-\soulseek.156c\soulseek\slsk.exe" = protocol=17 | dir=in | app=x:\002 -=appz=-\soulseek.156c\soulseek\slsk.exe |
"UDP Query User{B03BF483-F1F6-4F4C-84EC-36B5497959CF}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{B7B0D62A-6267-43FC-AB6A-7EA068F97CDF}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{C3F44DA1-1B0D-4711-B224-4FD55F973509}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{CBFFB46C-1EA7-4FF0-BFF9-5796E23E5D28}X:\candisoft_load!_0.5.2\load.exe" = protocol=17 | dir=in | app=x:\candisoft_load!_0.5.2\load.exe |
"UDP Query User{D9F7E27A-2018-4A14-BA95-4557D8A6D4D9}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{EC84293C-DB28-4FCC-98CB-5777477FA372}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{EFA94FD8-91AC-4E38-B919-5897A7E288C0}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"UltSounds" = Windows-Soundschemas

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{72CBC468-82F9-48F8-B5B0-3300387E41AA}" = Nokia Ovi Suite Software Updater
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Ultra Edition
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_913" = Adobe Acrobat 9.1.3 - CPSID_49522
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BE850443-DF4F-4B6F-9968-4F8F3125B964}" = No23Live
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"abgx360" = abgx360 v1.0.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CloneCD" = CloneCD
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DeskScapes" = DeskScapes
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
"Fraps" = Fraps
"ImgBurn" = ImgBurn
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IsoBuster_is1" = IsoBuster 2.4
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NewsBin5" = NewsBin Pro
"nLite_is1" = nLite 1.4.9.1
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"PDFCreator Toolbar" = PDFCreator Toolbar
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor" = Spyware Doctor 7.0
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"TVAnts 1.0" = TVAnts 1.0
"UltraISO_is1" = UltraISO Premium V9.2
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR
"XviD4PSP5" = XviD4PSP 5.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-661538205-1682786210-248367515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.01.2010 08:25:43 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 14.01.2010 08:25:43 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 14.01.2010 08:25:49 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 14.01.2010 09:11:06 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 14.01.2010 09:11:06 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 15.01.2010 08:03:57 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 15.01.2010 08:03:59 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 15.01.2010 08:03:59 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 15.01.2010 08:29:20 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 15.01.2010 08:29:20 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

[ Media Center Events ]
Error - 14.11.2009 14:50:17 | Computer Name = ueberfett | Source = McrMgr | ID = 109
Description =

[ OSession Events ]
Error - 11.05.2009 11:55:17 | Computer Name = ueberfett | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26.05.2010 08:30:05 | Computer Name = ueberfett | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 27.05.2010 09:37:24 | Computer Name = ueberfett | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 27.05.2010 21:45:53 | Computer Name = ueberfett | Source = DCOM | ID = 10010
Description =

Error - 28.05.2010 11:16:47 | Computer Name = ueberfett | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 28.05.2010 16:45:36 | Computer Name = ueberfett | Source = Ntfs | ID = 262281
Description = Der Transaktionsressourcen-Manager auf Volume "X:" konnte aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.

Error - 29.05.2010 11:59:12 | Computer Name = ueberfett | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description =

Error - 29.05.2010 11:59:29 | Computer Name = ueberfett | Source = Ntfs | ID = 262281
Description = Der Transaktionsressourcen-Manager auf Volume "X:" konnte aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.

Error - 29.05.2010 12:02:38 | Computer Name = ueberfett | Source = Ntfs | ID = 262281
Description = Der Transaktionsressourcen-Manager auf Volume "Y:" konnte aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.

Error - 29.05.2010 21:50:43 | Computer Name = ueberfett | Source = DCOM | ID = 10010
Description =

Error - 30.05.2010 07:29:42 | Computer Name = ueberfett | Source = DCOM | ID = 10010
Description =

[ TuneUp Events ]
Error - 30.05.2010 07:21:26 | Computer Name = ueberfett | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-05-30 13:21:26', '\device\harddiskvolume1\program
files (x86)\malwarebytes' anti-malware\mbam.exe','5200',0)


< End of report >
30.05.2010, 15:05
Member

Posts: 3716
#7 • The tool's program window opens.
• Click the Disable button to deactivate the CD emulation drivers.
• Click Yes to continue.
• When the message 'Finished!' appears,
• click OK.
• DeFogger will now ask for a reboot - click OK
• Post the defogger_disable.log here in the thread. Do not under any circumstances re-enable the drivers before you are instructed to.

Fixing with OTL

• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator"
• Now copy the following into the text box.
:OTL
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]

• Now please close all programs.
• Now please click the Run Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; post it.
30.05.2010, 15:22
Member

Thread starter

Posts: 13
#8 All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: BOSS
->Flash cache emptied: 4282869 bytes

User: Default

User: Default User

User: Mcx1

User: Public

Total Flash Files Cleaned = 4,00 mb


[EMPTYTEMP]

User: All Users

User: BOSS
->Temp folder emptied: 211855516 bytes
->Temporary Internet Files folder emptied: 1460417460 bytes
->Java cache emptied: 42872967 bytes
->FireFox cache emptied: 61080587 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 101114 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3221600 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29201 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67468 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 19425313 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 9873383 bytes

Total Files Cleaned = 1.725,00 mb


OTL by OldTimer - Version 3.2.5.1 log created on 05302010_151617

Files\Folders moved on Reboot...
C:\Users\BOSS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\BOSS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98EO5PPK\start[2].htm moved successfully.

Registry entries deleted on Reboot...
30.05.2010, 15:48
Member

Posts: 3716
#9 Still slow?

What exactly is slow?
30.05.2010, 15:58
Member

Thread starter

Posts: 13
#10 Well, slow isn't really the problem; IE just sometimes takes a bit longer when it loads a page, or when I open a new tab it hangs briefly, etc., even though I have 8 GB of RAM. I can live with that, though; what matters to me is just that I don't have a trojan or the like on here, because I do a lot of internet banking, for example. Can you rule that out now? I should reformat sometime in the next six months anyway. Many thanks so far...
30.05.2010, 16:01
Member

Posts: 3716
#11 We'll take a closer look at your system; I only wanted to know what exactly the problem is.
http://board.protecus.de/t37785.htm
Use Kaspersky AVP and post the log.
30.05.2010, 18:44
Member

Thread starter

Posts: 13
#12 Oh dear, this is taking forever; it has been running for 2.5 h already and is only at 49% :X
30.05.2010, 18:50
Member

Posts: 3716
#13 Close all programs, including your antivirus, and don't work on the PC.
30.05.2010, 20:08
Member

Thread starter

Posts: 13
#14 OK, it's finished now; where do I get the log from?!
30.05.2010, 20:29
Member

Posts: 3716
#15 Was anything found and deleted?