Home » Spyware & Browser Hijacker Support Forum » Internet explorer langsam, vor kurzem Virus/Spyware » Themenansicht
Internet explorer langsam, vor kurzem Virus/Spyware |
||
|---|---|---|
| #0
| ||
|
30.05.2010, 13:56
Member
Beiträge: 13 |
||
 
|
|
|
|
30.05.2010, 14:10
Member
Beiträge: 3716 |
||
|
|
|
|
|
30.05.2010, 14:15
Member
Themenstarter Beiträge: 13 |
#3
Hey, habs versucht aber Combofix funktioniert wohl nur mit einem 32bit OS?! Was nun?
|
|
|
|
|
|
|
30.05.2010, 14:31
Member
Beiträge: 3716 |
#4
*an kopf schlag*
hatte ich übersehen. Systemscan mit OTL download otl: http://oldtimer.geekstogo.com/OTL.exe Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "run Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt poste beide. |
|
|
|
|
|
|
30.05.2010, 14:51
Member
Themenstarter Beiträge: 13 |
#5
OTL logfile created on: 30.05.2010 14:35:09 - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Users\BOSS\Documents\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 72,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,10 Gb Total Space | 19,12 Gb Free Space | 24,17% Space Free | Partition Type: NTFS Drive D: | 200,36 Gb Total Space | 104,77 Gb Free Space | 52,29% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: UEBERFETT Current User Name: BOSS Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\BOSS\Documents\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\PROGRAM FILES (X86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe () PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) PRC - C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc) PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe () PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe () PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe () PRC - C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) PRC - C:\Windows\SysWOW64\brss01a.exe (brother Industries Ltd) PRC - C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Users\BOSS\Documents\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\SysNative\TUProgSt.exe (TuneUp Software) SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software) SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools) SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe () SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe () SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys (Nokia) DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (UMPass) -- C:\Windows\SysNative\DRIVERS\umpass.sys (Microsoft Corporation) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys (Portrait Displays, Inc.) DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys (Brother Industries Ltd.) DRV - (PCTCore) -- C:\Windows\SysWOW64\drivers\pctcore.cat () DRV - (CSC) -- C:\Windows\CSC [2008.06.06 23:13:55 | 000,000,000 | ---D | M] DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (truecrypt) -- C:\Windows\SysWOW64\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (ET5Drv) -- C:\Windows\ET5Drv.sys (Windows (R) Codename Longhorn DDK provider) DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVidia Corp.) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-661538205-1682786210-248367515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.economist.com/ IE - HKU\S-1-5-21-661538205-1682786210-248367515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKU\S-1-5-21-661538205-1682786210-248367515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.n-tv.de/" FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.03 15:34:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\PROGRAM FILES (X86)\Mozilla Firefox\components [2010.04.08 00:22:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\PROGRAM FILES (X86)\Mozilla Firefox\plugins [2010.05.05 12:48:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.03 15:34:33 | 000,000,000 | ---D | M] [2009.05.17 20:03:49 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\mozilla\Extensions [2010.05.29 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\mozilla\Firefox\Profiles\3gsdvxe1.default\extensions [2010.05.05 20:16:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BOSS\AppData\Roaming\mozilla\Firefox\Profiles\3gsdvxe1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.20 00:53:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.01.23 02:38:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.23 02:38:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.23 02:38:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.23 02:38:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.23 02:38:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DT HPW] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-661538205-1682786210-248367515-1000..\Run: [] File not found O4 - HKU\S-1-5-21-661538205-1682786210-248367515-1000..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKU\S-1-5-21-661538205-1682786210-248367515-1000..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKU\S-1-5-21-661538205-1682786210-248367515-1000..\Run: [SpeedFan] C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker\RunApp.exe () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-661538205-1682786210-248367515-1000\..Trusted Ranges: Range30 (• in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1223210899093&h=0bfbe9ced5904bfbcbc4e265699e7336/&filename=jinstall-6u7-windows-i586-jc.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\PROGRA~2\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll (Stardock Corporation) O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\PROGRA~2\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll (Stardock) O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\PROGRA~2\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll (Stardock) O24 - Desktop WallPaper: C:\Users\BOSS\Pictures\computer_0084.jpg O24 - Desktop BackupWallPaper: C:\Users\BOSS\Pictures\computer_0084.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{63ebcd0e-34d9-11dd-ba82-001d7d07e34b}\Shell - "" = AutoRun O33 - MountPoints2\{63ebcd0e-34d9-11dd-ba82-001d7d07e34b}\Shell\AutoRun\command - "" = F:\start.exe -- File not found O33 - MountPoints2\{8bfd3024-bc12-11de-8da6-001d7d07e34b}\Shell - "" = AutoRun O33 - MountPoints2\{8bfd3024-bc12-11de-8da6-001d7d07e34b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{9ea56cec-2431-11de-b797-001d7d07e34b}\Shell - "" = AutoRun O33 - MountPoints2\{9ea56cec-2431-11de-b797-001d7d07e34b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008.01.21 05:05:52 | 000,000,000 | ---D | M] NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation) NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008.01.21 05:07:48 | 000,000,000 | ---D | M] NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PEVSystemStart - Service SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: procexp90.Sys - Driver SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof () SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PEVSystemStart - Service SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: procexp90.Sys - Driver SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: WudfPf - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof () SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof () SafeBootNet: TDI - Driver Group SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof () SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation) Drivers32:64bit: VIDC.FPS1 - C:\Windows\SysNative\frapsv64.dll (Beepa P/L) Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation) Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation) Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010.05.30 14:32:24 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\BOSS\Documents\Desktop\OTL.exe [2010.05.30 14:13:55 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010.05.30 13:28:51 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Desktop\malware [2010.05.30 13:25:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\BOSS\Documents\Desktop\HJT.exe [2010.05.30 13:21:23 | 000,000,000 | ---D | C] -- C:\Users\BOSS\AppData\Roaming\Malwarebytes [2010.05.30 13:21:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.05.30 13:21:14 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.05.30 13:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.05.30 13:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.30 01:18:20 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Desktop\Daybreakers.2009.BDRip.Line.Dubbed.German.XviD-XCOPY [2010.05.29 17:59:59 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Desktop\DLC - Futurama [2010.05.28 14:44:19 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Desktop\Defari - 2003 - Odds & Evens (320) [2010.05.26 17:59:00 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Desktop\Bilder_Ebay [2010.05.20 00:35:16 | 000,000,000 | ---D | C] -- C:\Users\BOSS\AppData\Local\Threat Expert [2010.05.20 00:32:34 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\pctwfpfilter.sys [2010.05.20 00:32:33 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\pctgntdi.sys [2010.05.20 00:32:33 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\pctplsg.sys [2010.05.20 00:32:32 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTCore.sys [2010.05.20 00:32:32 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTAppEvent.sys [2010.05.20 00:20:51 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2010.05.20 00:20:51 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2010.05.20 00:20:51 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2010.05.20 00:18:51 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys [2010.05.20 00:18:51 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys [2010.05.20 00:18:50 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys [2010.05.20 00:18:47 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys [2010.05.20 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor [2010.05.20 00:18:37 | 000,000,000 | ---D | C] -- C:\Users\BOSS\AppData\Roaming\PC Tools [2010.05.20 00:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010.05.20 00:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2010.05.16 14:58:28 | 000,000,000 | R--D | C] -- C:\Users\BOSS\Documents\Desktop\Dogg Pound - Dogg Food (Digitally Remastered) (1995) [2010.05.03 18:34:21 | 000,000,000 | ---D | C] -- C:\Users\BOSS\AppData\Roaming\abgx360 [2010.05.03 18:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\abgx360 [2010.05.03 16:00:38 | 000,000,000 | ---D | C] -- C:\Users\BOSS\Documents\Ovi [2010.05.03 15:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia [2010.05.03 15:34:20 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2010.05.03 15:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2010.05.03 15:02:46 | 000,042,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2010.05.03 15:01:34 | 000,000,000 | ---D | C] -- C:\Users\BOSS\AppData\Local\NokiaAccount [2010.05.03 14:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\OviInstallerCache [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010.05.30 14:35:48 | 003,932,160 | ---- | M] () -- C:\Users\BOSS\ntuser.dat [2010.05.30 14:32:28 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\BOSS\Documents\Desktop\OTL.exe [2010.05.30 14:00:01 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.05.30 13:46:18 | 000,052,592 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.05.30 13:36:04 | 001,665,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.05.30 13:36:04 | 000,714,572 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.05.30 13:36:04 | 000,659,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.05.30 13:36:04 | 000,162,160 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.05.30 13:36:04 | 000,133,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.05.30 13:31:41 | 000,052,592 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.05.30 13:31:08 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.30 13:31:08 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.30 13:31:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.30 13:31:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.30 13:29:44 | 000,524,288 | -HS- | M] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TMContainer00000000000000000001.regtrans-ms [2010.05.30 13:29:44 | 000,065,536 | -HS- | M] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TM.blf [2010.05.30 13:29:43 | 002,591,261 | -H-- | M] () -- C:\Users\BOSS\AppData\Local\IconCache.db [2010.05.30 13:25:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\BOSS\Documents\Desktop\HJT.exe [2010.05.30 13:25:23 | 000,293,376 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\gmer.exe [2010.05.30 03:28:32 | 000,207,360 | ---- | M] () -- C:\Users\BOSS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.29 20:07:37 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5B62B8F-D0A9-4B48-8BEB-AF7509AF207C}.job [2010.05.29 19:55:48 | 102,746,234 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\slum_village_-_fantastic_vol._1.rar [2010.05.28 22:42:30 | 000,002,864 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\aherilaf.dlc [2010.05.28 14:39:53 | 035,522,204 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\DBCS.rar [2010.05.26 20:43:37 | 000,000,004 | ---- | M] () -- C:\Users\BOSS\AppData\Roaming\ovczpx.dat [2010.05.21 14:03:00 | 001,269,862 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\21052010039.jpg [2010.05.21 14:02:18 | 001,396,307 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\21052010037.jpg [2010.05.21 14:01:36 | 001,366,393 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\21052010035.jpg [2010.05.20 02:52:41 | 000,524,288 | -HS- | M] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TMContainer00000000000000000002.regtrans-ms [2010.05.20 00:32:34 | 000,100,136 | ---- | M] (PC Tools) -- C:\Windows\SysWow64\drivers\pctwfpfilter.sys [2010.05.20 00:32:33 | 000,233,136 | ---- | M] (PC Tools) -- C:\Windows\SysWow64\drivers\pctgntdi.sys [2010.05.20 00:32:33 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\SysWow64\drivers\pctplsg.sys [2010.05.20 00:32:33 | 000,007,387 | ---- | M] () -- C:\Windows\SysWow64\drivers\pctgntdi.cat [2010.05.20 00:32:33 | 000,007,383 | ---- | M] () -- C:\Windows\SysWow64\drivers\pctplsg.cat [2010.05.20 00:32:32 | 000,218,592 | ---- | M] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTCore.sys [2010.05.20 00:32:32 | 000,088,040 | ---- | M] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTAppEvent.sys [2010.05.20 00:32:32 | 000,007,412 | ---- | M] () -- C:\Windows\SysWow64\drivers\PCTAppEvent.cat [2010.05.20 00:32:32 | 000,007,383 | ---- | M] () -- C:\Windows\SysWow64\drivers\pctcore.cat [2010.05.20 00:17:59 | 038,204,720 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\Spyware_Doctor_2010_7.0.0.545_retail_incl_key_crack.rar [2010.05.19 22:37:18 | 000,524,288 | -HS- | M] () -- C:\Users\BOSS\ntuser.dat{c375656c-9990-11de-b47d-001d7d07e34b}.TMContainer00000000000000000001.regtrans-ms [2010.05.19 22:37:18 | 000,065,536 | -HS- | M] () -- C:\Users\BOSS\ntuser.dat{c375656c-9990-11de-b47d-001d7d07e34b}.TM.blf [2010.05.19 17:54:43 | 000,002,864 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\suyase.dlc [2010.05.18 21:37:23 | 000,011,052 | ---- | M] () -- C:\Users\BOSS\Documents\pfd.xlsx [2010.05.05 00:30:24 | 128,005,688 | ---- | M] () -- C:\Users\BOSS\Documents\Desktop\0ptimus-ipman-xvidrp-a.mp4 [2010.05.04 21:55:50 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib [2010.05.03 18:35:16 | 000,002,880 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2010.05.03 15:31:44 | 000,105,640 | ---- | M] () -- C:\Users\BOSS\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.03 15:31:05 | 000,387,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.05.03 15:02:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.05.03 15:02:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010.05.30 13:25:22 | 000,293,376 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\gmer.exe [2010.05.29 19:55:46 | 102,746,234 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\slum_village_-_fantastic_vol._1.rar [2010.05.28 22:42:29 | 000,002,864 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\aherilaf.dlc [2010.05.28 14:39:52 | 035,522,204 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\DBCS.rar [2010.05.26 20:43:37 | 000,000,004 | ---- | C] () -- C:\Users\BOSS\AppData\Roaming\ovczpx.dat [2010.05.26 17:55:50 | 001,396,307 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\21052010037.jpg [2010.05.26 17:55:50 | 001,366,393 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\21052010035.jpg [2010.05.26 17:55:48 | 001,269,862 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\21052010039.jpg [2010.05.20 00:32:33 | 000,007,387 | ---- | C] () -- C:\Windows\SysWow64\drivers\pctgntdi.cat [2010.05.20 00:32:33 | 000,007,383 | ---- | C] () -- C:\Windows\SysWow64\drivers\pctplsg.cat [2010.05.20 00:32:32 | 000,007,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\PCTAppEvent.cat [2010.05.20 00:32:32 | 000,007,383 | ---- | C] () -- C:\Windows\SysWow64\drivers\pctcore.cat [2010.05.20 00:20:51 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip [2010.05.20 00:20:51 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010.05.20 00:20:51 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2010.05.20 00:20:51 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2010.05.20 00:20:51 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2010.05.20 00:18:51 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat [2010.05.20 00:18:50 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat [2010.05.20 00:18:47 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat [2010.05.20 00:18:39 | 000,010,662 | ---- | C] () -- C:\Users\BOSS\AppData\Local\dd_vcredistUI3205.txt [2010.05.20 00:18:38 | 000,354,782 | ---- | C] () -- C:\Users\BOSS\AppData\Local\dd_vcredistMSI3201.txt [2010.05.20 00:18:38 | 000,011,154 | ---- | C] () -- C:\Users\BOSS\AppData\Local\dd_vcredistUI3201.txt [2010.05.19 23:52:44 | 038,204,720 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\Spyware_Doctor_2010_7.0.0.545_retail_incl_key_crack.rar [2010.05.19 22:39:41 | 000,524,288 | -HS- | C] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TMContainer00000000000000000002.regtrans-ms [2010.05.19 22:39:41 | 000,524,288 | -HS- | C] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TMContainer00000000000000000001.regtrans-ms [2010.05.19 22:39:41 | 000,065,536 | -HS- | C] () -- C:\Users\BOSS\ntuser.dat{fbf3c550-6385-11df-a9bf-001d7d07e34b}.TM.blf [2010.05.19 17:54:43 | 000,002,864 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\suyase.dlc [2010.05.14 22:40:01 | 000,011,052 | ---- | C] () -- C:\Users\BOSS\Documents\pfd.xlsx [2010.05.05 00:30:22 | 128,005,688 | ---- | C] () -- C:\Users\BOSS\Documents\Desktop\0ptimus-ipman-xvidrp-a.mp4 [2010.05.03 15:02:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.05.03 15:02:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2010.05.03 15:02:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2009.07.07 02:48:21 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.06.03 14:10:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.03 14:10:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2008.09.07 19:15:51 | 000,000,279 | ---- | C] () -- C:\Windows\game.ini [2008.07.19 01:05:51 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2008.07.19 01:05:49 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2008.07.19 01:05:49 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2008.07.19 01:05:48 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2008.07.19 01:05:48 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2008.07.13 23:19:28 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini [2008.07.13 23:19:27 | 000,000,478 | ---- | C] () -- C:\Windows\BRWMARK.INI [2008.07.13 23:19:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2008.07.13 23:18:03 | 000,000,364 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2008.07.13 23:18:03 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini [2008.07.13 23:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2008.07.13 23:17:12 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2008.06.24 21:10:56 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys [2008.06.08 01:38:58 | 001,694,870 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008.06.06 17:32:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2008.01.21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.03.12 13:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2006.08.16 16:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll [color=#E56717]========== LOP Check ==========[/color] [2010.05.03 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\abgx360 [2009.07.06 21:30:46 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Audacity [2009.11.20 04:39:26 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\BayCalculator [2008.06.08 19:44:05 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2008.07.11 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\DisplayTune [2008.11.16 14:07:28 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\FRITZ! [2008.12.03 01:36:35 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\GrabIt [2008.10.06 00:58:06 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\ImgBurn [2009.02.17 05:38:06 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Newsbin [2008.12.03 01:54:05 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\NewsLeecher [2010.05.03 15:03:39 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nokia [2009.12.11 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nseries [2009.09.02 00:55:23 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nuance [2010.05.03 16:00:16 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PC Suite [2009.11.13 22:46:36 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PC-FAX TX [2009.04.08 02:22:45 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PeerNetworking [2008.12.01 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Red Alert 3 [2009.09.11 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TeamViewer [2008.06.06 18:23:03 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TrueCrypt [2009.09.04 22:32:35 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TuneUp Software [2009.07.16 02:59:00 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Ubisoft [2009.09.02 00:54:32 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Zeon [2010.05.30 14:00:01 | 000,000,534 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.05.30 13:29:46 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.05.29 20:07:37 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B5B62B8F-D0A9-4B48-8BEB-AF7509AF207C}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [color=#A23BEC]< %APPDATA%\*. >[/color] [2010.05.03 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\abgx360 [2010.03.08 20:12:16 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Adobe [2008.06.15 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Ahead [2008.01.01 12:44:32 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\ATI [2009.07.06 21:30:46 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Audacity [2010.03.25 17:04:12 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Avira [2009.11.20 04:39:26 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\BayCalculator [2008.07.13 23:20:22 | 000,000,000 | R--D | M] -- C:\Users\BOSS\AppData\Roaming\Brother [2008.06.08 19:44:05 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2008.06.06 21:03:22 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Corel [2008.07.11 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\DisplayTune [2010.03.16 23:55:25 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\DivX [2008.11.16 14:07:28 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\FRITZ! [2008.12.03 01:36:35 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\GrabIt [2008.06.06 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Identities [2008.10.06 00:58:06 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\ImgBurn [2008.06.06 17:42:40 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\InstallShield [2008.06.06 18:54:04 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Macromedia [2010.05.30 13:21:23 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Malwarebytes [2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Media Center Programs [2009.04.01 01:05:34 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Media Player Classic [2010.05.03 15:28:51 | 000,000,000 | --SD | M] -- C:\Users\BOSS\AppData\Roaming\Microsoft [2010.05.20 20:06:52 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\mIRC [2009.05.17 20:03:49 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Mozilla [2009.02.17 05:38:06 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Newsbin [2008.12.03 01:54:05 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\NewsLeecher [2010.05.03 15:03:39 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nokia [2009.12.11 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nseries [2009.09.02 00:55:23 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Nuance [2010.05.03 16:00:16 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PC Suite [2010.05.20 00:18:37 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PC Tools [2009.11.13 22:46:36 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PC-FAX TX [2009.04.08 02:22:45 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\PeerNetworking [2009.09.04 23:18:45 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Real [2008.12.01 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Red Alert 3 [2008.06.08 01:09:39 | 000,000,000 | RH-D | M] -- C:\Users\BOSS\AppData\Roaming\SecuROM [2009.09.11 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TeamViewer [2008.06.06 18:23:03 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TrueCrypt [2009.09.04 22:32:35 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\TuneUp Software [2009.09.03 03:16:46 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\U3 [2009.07.16 02:59:00 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Ubisoft [2008.12.12 01:41:43 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\vlc [2008.06.06 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\WinRAR [2009.09.02 00:54:32 | 000,000,000 | ---D | M] -- C:\Users\BOSS\AppData\Roaming\Zeon [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [2009.05.29 15:04:20 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\BOSS\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2010.03.23 23:33:51 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\BOSS\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2009.06.03 18:30:47 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe [2009.03.29 21:44:00 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe [2009.04.14 17:34:11 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe [2009.04.22 17:34:11 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe [2009.05.03 18:30:38 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe [2009.05.15 18:30:39 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe [2009.05.27 18:30:43 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe [2009.06.03 18:30:47 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\BOSS\AppData\Roaming\Real\Update\temp\~Upg6\RealPlayer11.exe [2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\BOSS\AppData\Roaming\U3\temp\cleanup.exe [2007.10.23 10:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Users\BOSS\AppData\Roaming\U3\temp\Launchpad Removal.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008.01.21 04:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 04:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008.01.21 04:45:58 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2008.01.21 04:46:07 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008.01.21 04:50:06 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 04:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2008.01.21 04:46:02 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008.01.21 04:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 04:48:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008.01.21 04:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:48:49 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe [color=#A23BEC]< MD5 for: WS2IFSL.SYS >[/color] [2008.01.21 04:48:44 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [color=#A23BEC]< >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP  FC5A2B2@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:527B6DAD @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:425D0709 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > |
|
|
|
|
|
|
30.05.2010, 14:52
Member
Themenstarter Beiträge: 13 |
#6
OTL Extras logfile created on: 30.05.2010 14:35:09 - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Users\BOSS\Documents\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 72,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,10 Gb Total Space | 19,12 Gb Free Space | 24,17% Space Free | Partition Type: NTFS Drive D: | 200,36 Gb Total Space | 104,77 Gb Free Space | 52,29% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: UEBERFETT Current User Name: BOSS Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-661538205-1682786210-248367515-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\PROGRAM FILES (X86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = 94 19 4F 18 47 E4 C9 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0393487B-2985-47E2-9B0D-8B467EEEF546}" = lport=10244 | protocol=6 | dir=in | app=system | "{048005A4-A722-4691-8B26-CBBA3AB68334}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0BA6DAA7-FB70-493B-9D0B-8CD48F81C4D6}" = rport=10243 | protocol=6 | dir=out | app=system | "{13C4878E-728E-4875-A598-EA0412FDE540}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{214915B3-1507-41F5-A956-28933010B271}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2281DF12-B81D-422A-B23D-268683E6EF70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{23345C7D-8D94-4659-BE22-D531F568D9A7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{2C7DC72F-01AB-46CC-88CC-84421D2B95B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35BCA26A-97F1-4746-ADF1-F9D12E2A56B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{360D0B0F-8755-4668-97D9-84C5FE17C825}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{38B56CA1-FC2F-4672-9A38-2BA7F5A20661}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3BA5DAE1-DCDA-451D-9DA6-48D283B56E34}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{41A7E383-816B-4B70-A203-B5A3AB8176E8}" = rport=10244 | protocol=6 | dir=out | app=system | "{47BDBF77-30AB-40F3-9610-79E62FE20C0A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5347F7C2-7737-4DA0-A3B9-8A5FDA03E659}" = lport=10244 | protocol=6 | dir=in | app=system | "{55B570E1-4580-4923-8ECD-E84A9E8A2D26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5B94AD52-1D10-4444-ABF4-915C0B7A2434}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6CB00760-9332-4399-A5A2-21468FE6A4D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7856E26A-4DB2-4B70-A457-3288A176982A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7CF24E56-ED69-469C-8D1C-18137470706E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7E55DE8C-8841-4ED7-8ED1-F91F5964C097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7EC20CD5-30F7-4566-9CBA-34A3CFB78058}" = lport=2869 | protocol=6 | dir=in | app=system | "{834FD472-58F0-4906-B70D-7FCC1E38C42A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{89D4E30F-6803-45EE-B847-2527A7480916}" = lport=10243 | protocol=6 | dir=in | app=system | "{8AF35F6C-92AA-45BC-B1D8-36804A8B1096}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8B80E309-F058-43AF-8C86-BC7FA787DD91}" = lport=3390 | protocol=6 | dir=in | app=system | "{8C05DE7F-CC12-4DE1-8780-05AFA4EFE003}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8C4EAA66-A384-41A1-9025-AE58AECC1BEE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8CC5E867-4C4B-49BA-A2D3-3605251E3B0E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{A1A3FD92-DB19-44E5-B2B0-C24C39A7BB65}" = rport=10244 | protocol=6 | dir=out | app=system | "{A2BA3566-C2D4-4989-A0AE-487E148FB62F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A711FAF5-6B91-4C7F-AFBB-8DEF2768BA74}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{ADCC2AF9-597B-451D-9929-3CDB04BCE145}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{AE4028D2-0E5A-42F1-92FF-AA6CE458CC4D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B38E7DFF-C082-4834-A1D8-961157954053}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C4366141-A221-4D9C-859E-0A060EA9C624}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D79DB963-E4F5-436E-8BDE-A8508B9BEB20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EC0A11BD-8C24-46AA-88EB-9381131828D8}" = lport=445 | protocol=6 | dir=in | app=system | "{EE896F9A-C657-49F9-BC9A-57BBCDC02929}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FAD202F2-D224-4DFC-8800-363B094DD1FD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FC11CB24-1FAA-43AB-B58A-C453E2C819E2}" = lport=3390 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{068F7A0B-F1C8-43AC-A1F4-7675FAD7EC5B}" = protocol=6 | dir=in | app=d:\games\crysis\bin64\crysisdedicatedserver.exe | "{0EEB2CD0-42B6-45A2-A2DF-E1FF633F7CBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{12A28F64-A6A3-4000-8203-5403366630D3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{169C4E59-BED0-49ED-A401-999B05EF7DF0}" = protocol=6 | dir=out | app=system | "{28D24DB5-F1AD-4ABB-9E79-7EA1FEA903D9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{2DDD72AA-DF4E-4053-B2B2-6384F0B6627E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3165DD8B-8E9C-4956-990B-ADAADCC42190}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{324FFA25-B69A-43F9-B93F-739182EAE848}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3CA1D176-81A0-4BA6-9A48-73DE0C4D2F67}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{3FB308A3-FBA7-4374-B720-D08CFF1FCD3E}" = protocol=17 | dir=in | app=d:\games\cod4\iw3mp.exe | "{447A5A50-CED7-4AFE-952F-4004DC56CCE3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{49305790-BB2A-4E5D-ACD1-2EBEE14FB8BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4AE860D1-F804-405E-A3C7-8E06263FF6FE}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{4C9392DA-5EBA-4EE8-8B2A-A655DE4DFC82}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{52480A6D-2C5F-4A3F-8CC2-344E74D6F9A4}" = protocol=6 | dir=in | app=d:\games\crysis\bin32\crysis.exe | "{52D922B2-A02E-42F6-AAD6-6FA8131E534C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{61334954-6714-4175-BD1A-9B44760C1363}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{619FA81C-31D6-4546-AFCC-10F2A72231A9}" = protocol=17 | dir=in | app=c:\program files (x86)\d-link\d-link wireless n dwa-140\airncfg.exe | "{6E4FDB91-AC24-4E55-A6A9-6E4FE4B606C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{746E3C80-6E58-4C47-BACA-92B0A6D57371}" = protocol=6 | dir=in | app=d:\games\cod4\iw3mp.exe | "{7B9CA5FA-8302-4D34-B09B-8872DA4FCB7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7E83F09E-0187-4F96-B721-20684D6036E0}" = protocol=17 | dir=in | app=d:\games\crysis\bin32\crysis.exe | "{8577BE3B-B8B8-4DD4-9064-F148E8DEEFF5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8B656B71-3C26-448A-8501-E7A5E142BDA4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{966BA6C8-5FF4-43DE-8F4D-81FD7CD94DC2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{96F3FB3E-884C-43F5-A694-6C62BF222717}" = protocol=6 | dir=in | app=d:\games\crysis\bin32\crysisdedicatedserver.exe | "{A1A9023D-70DA-436E-B669-4AFA0ECBC6AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A5A99F7B-B06C-4AAA-BA86-9593EEA6695B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AAE0F864-1458-48D8-B968-B6034533AA31}" = protocol=17 | dir=in | app=d:\games\crysis\bin64\crysis.exe | "{B118268E-9BD7-4C6A-BCCD-263E30ED6F18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B2055123-BD1D-4314-8E5C-54C701DBA929}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B6270784-9B7B-4CB4-8D0A-31F4D75C9800}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{B73DAB92-54E9-4C6E-92F6-D766799626DD}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{C7DB7B63-6518-48DA-9350-18550A31BDFC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C857A8A0-CBCA-4EC2-A626-C283694898F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CA280EAE-8658-4149-AD42-2DD96A21D933}" = protocol=6 | dir=in | app=c:\program files (x86)\d-link\d-link wireless n dwa-140\airncfg.exe | "{CEC02F8D-4873-4C93-8835-FB0A6FF36B66}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{CFA75DAB-52E9-4368-8D2C-B1F4ACAA44CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3AF9042-E125-4EB2-9F7F-6FC1953DC251}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D4B9637F-4482-418F-9A03-85B5F9690E71}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D4FB0A9B-4E2B-455D-ACCE-3CB90DF186CD}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{D7B441D3-9A24-49DE-B5D9-99D9A9455AFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F0BDEAD6-25B1-47EA-BB55-74AF086DF027}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1EBA9F5-348A-4BCD-9947-82C0582C8D2E}" = protocol=17 | dir=in | app=d:\games\crysis\bin32\crysisdedicatedserver.exe | "{F8661F38-0B7B-4C4D-A5B4-2CA01D04BF69}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{FD8F4367-B8A8-4294-88C6-EA940726E3EE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{FE1063A1-3FB6-4A11-80C6-7476ACED073B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{FF6062CB-2705-4FCC-9490-A7476089F181}" = protocol=17 | dir=in | app=d:\games\crysis\bin64\crysisdedicatedserver.exe | "{FF83A3C0-1315-40F8-8F08-FF09BCF9D7B8}" = protocol=6 | dir=in | app=d:\games\crysis\bin64\crysis.exe | "{FFB22D27-1380-4803-960D-AEB684BD4683}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat | "TCP Query User{100A939F-7488-44CA-98D5-2EFED2933244}D:\games\command and conquer\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=d:\games\command and conquer\retailexe\1.9\cnc3game.dat | "TCP Query User{141EC7E4-1333-4481-B6A8-444EDCAD801C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{1F94457F-53CC-4B49-BD96-3A19983EF862}X:\002 -=appz=-\soulseek.156c\soulseek\slsk.exe" = protocol=6 | dir=in | app=x:\002 -=appz=-\soulseek.156c\soulseek\slsk.exe | "TCP Query User{215EF371-2BD8-41FA-B729-1933E2EC5006}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{34F4A029-2C26-44C0-8887-5B929C752E1D}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe | "TCP Query User{3AEA849E-69FE-4747-8176-FFB6D2038C7A}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{3BD30F37-FEFF-45BF-B18A-925AE2B61575}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{50EFA9AF-2B2C-4A75-80C0-7E41BA998B02}C:\program files (x86)\gigabyte\gest\run.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gest\run.exe | "TCP Query User{57464D60-D2FA-4DC3-83B5-B990AF885075}X:\candisoft_load!_0.5.2\load.exe" = protocol=6 | dir=in | app=x:\candisoft_load!_0.5.2\load.exe | "TCP Query User{6BBFDD6A-F365-4FC4-87F2-B286703D4E0B}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{6CFDEFB1-3233-4647-AF93-B86345962F1B}D:\games\alarmstufe rot 3\data\ra3_1.4.game" = protocol=6 | dir=in | app=d:\games\alarmstufe rot 3\data\ra3_1.4.game | "TCP Query User{72859AA6-2B87-4787-8EF0-D34C0CB6D6B7}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "TCP Query User{865AAC32-8DB2-499B-B57E-18335D5A82B3}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{868049AC-3818-46F3-B7CE-D7A6943F01EA}D:\games\command and conquer\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=d:\games\command and conquer\retailexe\1.9\cnc3game.dat | "TCP Query User{88E32CAF-2838-4FDF-A3A2-1580AD04B0C1}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{8E9AD843-5B13-4C90-8238-BA46F1657F83}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{AEBE9A0F-F357-422C-9FC4-71122B2FAE78}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{BD679648-AECC-4F5E-BCBE-6C6B750709B9}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "TCP Query User{CAF6157C-3E93-4EF0-82C3-7AEA96B83BF6}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{DDA296B8-802E-4C42-BC0B-48ABC75CC0BC}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe | "TCP Query User{DEF9D727-A19A-46E1-9821-4B667AAFE7A7}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe | "TCP Query User{E22CBDD7-FF5E-4FD7-8FF5-C8CC4DD4180E}C:\program files (x86)\java\jre1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\java.exe | "TCP Query User{F1836E82-1472-477B-84F8-6447446ABA85}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "TCP Query User{F92F13E3-680B-486E-BD26-5B25B5473D4C}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe | "UDP Query User{04780A42-9353-4FE1-AA56-0910C411246D}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{05E62A6C-7124-49B2-84A4-6E3B3541DAD1}C:\program files (x86)\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ahead\nero web\setupx.exe | "UDP Query User{1C24C7A7-CBAF-4CCB-B0AF-51C886B4D948}C:\program files (x86)\gigabyte\gest\run.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gest\run.exe | "UDP Query User{205B27CA-C462-44CF-9679-F9668EA7DC58}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe | "UDP Query User{2AA0BD7B-1595-4E4E-B667-38308142B87C}D:\games\command and conquer\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=d:\games\command and conquer\retailexe\1.9\cnc3game.dat | "UDP Query User{2AE6C66B-9FCE-43C6-AA26-7E5EB90FA18B}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "UDP Query User{3B2B72DF-3216-4E3A-8B8D-A41FCEDABDE6}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe | "UDP Query User{3F15F119-ECFF-4775-9333-7CC23BFBA852}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{4C69F9D2-6427-4E5F-9961-E0979FF773D8}D:\games\alarmstufe rot 3\data\ra3_1.4.game" = protocol=17 | dir=in | app=d:\games\alarmstufe rot 3\data\ra3_1.4.game | "UDP Query User{529F19C8-C91C-4E8E-9825-6C203CA56EBE}D:\games\command and conquer\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=d:\games\command and conquer\retailexe\1.9\cnc3game.dat | "UDP Query User{549FAB65-4F16-4B74-9D0A-7C7C2C03839A}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{7C999D2A-7241-41C0-BC56-7EC239E6A967}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{7ECB043B-1AE6-4CE3-B996-D55578410E53}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{8FA68DA9-C3A7-4A24-A6A5-EA02DE1914F7}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "UDP Query User{9270D73E-5EC8-471F-9C1A-1B783AF14E47}C:\program files (x86)\java\jre1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\java.exe | "UDP Query User{9348544B-4E84-4F7E-8539-C0AEC8C21321}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{96F87E7B-91A1-4076-95FF-423E745DDE21}X:\002 -=appz=-\soulseek.156c\soulseek\slsk.exe" = protocol=17 | dir=in | app=x:\002 -=appz=-\soulseek.156c\soulseek\slsk.exe | "UDP Query User{B03BF483-F1F6-4F4C-84EC-36B5497959CF}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{B7B0D62A-6267-43FC-AB6A-7EA068F97CDF}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe | "UDP Query User{C3F44DA1-1B0D-4711-B224-4FD55F973509}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{CBFFB46C-1EA7-4FF0-BFF9-5796E23E5D28}X:\candisoft_load!_0.5.2\load.exe" = protocol=17 | dir=in | app=x:\candisoft_load!_0.5.2\load.exe | "UDP Query User{D9F7E27A-2018-4A14-BA95-4557D8A6D4D9}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{EC84293C-DB28-4FCC-98CB-5777477FA372}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{EFA94FD8-91AC-4E38-B919-5897A7E288C0}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "UltSounds" = Windows-Soundschemas [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4 "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4 "{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{72CBC468-82F9-48F8-B5B0-3300387E41AA}" = Nokia Ovi Suite Software Updater "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM "{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Ultra Edition "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_913" = Adobe Acrobat 9.1.3 - CPSID_49522 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{BE850443-DF4F-4B6F-9968-4F8F3125B964}" = No23Live "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core "{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "abgx360" = abgx360 v1.0.2 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Browser Defender_is1" = Browser Defender 2.0.6.15 "CloneCD" = CloneCD "Cool Edit Pro 2.0" = Cool Edit Pro 2.0 "DeskScapes" = DeskScapes "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "EADM" = EA Download Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50 "Fraps" = Fraps "ImgBurn" = ImgBurn "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "IsoBuster_is1" = IsoBuster 2.4 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "mIRC" = mIRC "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "NewsBin5" = NewsBin Pro "nLite_is1" = nLite 1.4.9.1 "Nokia Ovi Suite" = Nokia Ovi Suite "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PartyPoker" = PartyPoker "PDFCreator Toolbar" = PDFCreator Toolbar "SpeedFan" = SpeedFan (remove only) "Spyware Doctor" = Spyware Doctor 7.0 "SubtitleWorkshop" = Subtitle Workshop 2.51 "Trillian" = Trillian "TrueCrypt" = TrueCrypt "TVAnts 1.0" = TVAnts 1.0 "UltraISO_is1" = UltraISO Premium V9.2 "VLC media player" = VLC media player 0.9.8a "WinRAR archiver" = WinRAR "XviD4PSP5" = XviD4PSP 5.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-661538205-1682786210-248367515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 14.01.2010 08:25:43 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 14.01.2010 08:25:43 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 14.01.2010 08:25:49 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 14.01.2010 09:11:06 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 14.01.2010 09:11:06 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 15.01.2010 08:03:57 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 15.01.2010 08:03:59 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 15.01.2010 08:03:59 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 15.01.2010 08:29:20 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 15.01.2010 08:29:20 | Computer Name = ueberfett | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. [ Media Center Events ] Error - 14.11.2009 14:50:17 | Computer Name = ueberfett | Source = McrMgr | ID = 109 Description = [ OSession Events ] Error - 11.05.2009 11:55:17 | Computer Name = ueberfett | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 26.05.2010 08:30:05 | Computer Name = ueberfett | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Error - 27.05.2010 09:37:24 | Computer Name = ueberfett | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Error - 27.05.2010 21:45:53 | Computer Name = ueberfett | Source = DCOM | ID = 10010 Description = Error - 28.05.2010 11:16:47 | Computer Name = ueberfett | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Error - 28.05.2010 16:45:36 | Computer Name = ueberfett | Source = Ntfs | ID = 262281 Description = Der Transaktionsressourcen-Manager auf Volume "X:" konnte aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 29.05.2010 11:59:12 | Computer Name = ueberfett | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Error - 29.05.2010 11:59:29 | Computer Name = ueberfett | Source = Ntfs | ID = 262281 Description = Der Transaktionsressourcen-Manager auf Volume "X:" konnte aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 29.05.2010 12:02:38 | Computer Name = ueberfett | Source = Ntfs | ID = 262281 Description = Der Transaktionsressourcen-Manager auf Volume "Y:" konnte aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 29.05.2010 21:50:43 | Computer Name = ueberfett | Source = DCOM | ID = 10010 Description = Error - 30.05.2010 07:29:42 | Computer Name = ueberfett | Source = DCOM | ID = 10010 Description = [ TuneUp Events ] Error - 30.05.2010 07:21:26 | Computer Name = ueberfett | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-05-30 13:21:26', '\device\harddiskvolume1\program files (x86)\malwarebytes' anti-malware\mbam.exe','5200',0) < End of report > |
|
|
|
|
|
|
30.05.2010, 15:05
Member
Beiträge: 3716 |
#7
• Es öffnet sich das Programm-Fenster des Tools.
• Klick auf den Button Disable, um die CD- Emulation-Treiber zu deaktivieren. • Klicke Ja, um fortzufahren. • Wenn die Nachricht 'Finished!' erscheint, • klicke OK. • DeFogger wird nun einen Reboot erfragen - klicke OK • Poste mir das defogger_disable.log hier in den Thread. Keinesfalls die Treiber reaktivieren, bevor es angewiesen wird. Fixen mit OTL • Starte bitte die OTL.exe. Vista-User mit Rechtsklick "als Administrator starten" • Kopiere nun das Folgende in die Textbox. :OTL :Commands [purity] [EMPTYFLASH] [emptytemp] [start explorer] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Run Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument dieses posten |
|
|
|
|
|
|
30.05.2010, 15:22
Member
Themenstarter Beiträge: 13 |
#8
All processes killed
========== OTL ========== ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: BOSS ->Flash cache emptied: 4282869 bytes User: Default User: Default User User: Mcx1 User: Public Total Flash Files Cleaned = 4,00 mb [EMPTYTEMP] User: All Users User: BOSS ->Temp folder emptied: 211855516 bytes ->Temporary Internet Files folder emptied: 1460417460 bytes ->Java cache emptied: 42872967 bytes ->FireFox cache emptied: 61080587 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mcx1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 101114 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3221600 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 29201 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67468 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 19425313 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 9873383 bytes Total Files Cleaned = 1.725,00 mb OTL by OldTimer - Version 3.2.5.1 log created on 05302010_151617 Files\Folders moved on Reboot... C:\Users\BOSS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\BOSS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98EO5PPK\start[2].htm moved successfully. Registry entries deleted on Reboot... |
|
|
|
|
|
|
30.05.2010, 15:48
Member
Beiträge: 3716 |
||
|
|
|
|
|
30.05.2010, 15:58
Member
Themenstarter Beiträge: 13 |
#10
naja langsam ist gar nicht so das problem ie braucht halt manchmal etwas länger wenn er ne seite lädt oder wenn ich n neues tab öffne bleibt er kurz hängen etc. obwohl ich 8gb ram hab. Damit kann ich aber leben, mir is eben nur wichtig dass ich kein trojaner o.ä. drauf hab weil ich zb viel inet banking mach. Kannst du das nun ausschließen? Formatieren sollt ich im nächsten halben jahr eh mal wieder. Vielen dank mal soweit...
|
|
|
|
|
|
|
30.05.2010, 16:01
Member
Beiträge: 3716 |
#11
wir sehen uns dein sys näher an, ich wollte ja nur wissen was genau das problem ist.
http://board.protecus.de/t37785.htm kaspersky avp nutzen log posten. |
|
|
|
|
|
|
30.05.2010, 18:44
Member
Themenstarter Beiträge: 13 |
#12
ohje das dauert ja ewig, läuft jetzt schon 2,5 h und ist erst bei 49% :X
|
|
|
|
|
|
|
30.05.2010, 18:50
Member
Beiträge: 3716 |
#13
schalte alle programme, auch dein antivirus aus, arbeite nicht am pc.
|
|
|
|
|
|
|
30.05.2010, 20:08
Member
Themenstarter Beiträge: 13 |
#14
Ok jetzt is es fertig, woher bekomm ich den log?!
|
|
|
|
|
|
|
30.05.2010, 20:29
Member
Beiträge: 3716 |
#15
wurde denn etwas gefunden und gelöscht?
|
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
vor kurzem hatte ich wohl nen virus/trojaner weiß der teufel was. es hat sich ein vermeintliches anti-viren programm installiert, das mich keine datei mehr starten ließ. immer wurde mir gesagt das jeweilige programm sei infiziert. darauf hin habe ich eine systemwiederherstellung durchgeführt um überhaupt wieder ein programm starten zu können. anschließend habe ich alles mit antivir und spyware doctor gescannt und alle infizierungen entfernt. soweit war dann alles okay, allerdings ist jetzt seit ein paar tagen mein inet explorer (version 8) so komisch langsam.
deswegen habe ich mal alles mit malwarebytes, gmer und hjt durchgecheckt und würde euch bitten, die nachfolgenden logs durchzusehen, ob da etwas auffälliges drin ist.
mein OS ist win vista x64.
Vielen Dank schonmal
Greetz
--------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4155
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
30.05.2010 13:29:10
mbam-log-2010-05-30 (13-29-10).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140375
Laufzeit: 4 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\BOSS\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-30 13:46:51
Windows 6.0.6002 Service Pack 2
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB8 0xFE 0xC3 0x85 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC5 0x49 0x98 0xE0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1D 0xD3 0x00 0xD1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x75 0x89 0x43 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC5 0x49 0x98 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x09 0x3D 0xCE 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x75 0x89 0x43 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC5 0x49 0x98 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x09 0x3D 0xCE 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x75 0x89 0x43 0x46 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC5 0x49 0x98 0xE0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x09 0x3D 0xCE 0x84 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:49:02, on 30.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\brsvc01a.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\SysWOW64\brss01a.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Users\BOSS\Documents\Desktop\HJT.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.economist.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files (x86)\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -HPW
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpeedFan] C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker\RunApp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\SysWOW64\brsvc01a.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13794 bytes