Home » Viren, Trojaner & Malware Forum » windows media player spinnt rum... » Themenansicht

windows media player spinnt rum...
#0
30.09.2010, 20:52
enno23
Member

Beiträge: 13
#1 seit kurzem hab ich probleme mit dem windows media player der öffnet sich von allein und wenn ich den schliesse dann öffnet er kurz danach wieder aber ab und zu klappt es das er geschlossen bleibt wenn ich ihn schliesse. nun wollte ich den die laufenden prozesse mit antivir scanen und nun kam die meldung das antivir nicht mehr funktioniert. malwarebytes hab ich auch laufen lassen und 1 infiziertes objekt!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:49, on 30.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Users\huhu\AppData\Local\Temp\Creative_Audio_Engine_Cleanup.0001
C:\Program Files (x86)\Xfire\Xfire.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Users\huhu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGRXBGL3\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Users\enno\AppData\Local\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: The Cleaner 2011 Helper Service (moohelp) - MooSoft Development LLC - C:\Program Files (x86)\The Cleaner\mhelper.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14116 bytes
Seitenanfang Seitenende
01.10.2010, 07:33
enno23
Member

Themenstarter

Beiträge: 13
#2 avast hat folgendes gefunden JS: Downloader-ACD[Trj] und JS: Pdfka-AMX[Expl] was nun machen reicht es wenn ich diese in den container verschiebe?
Seitenanfang Seitenende
01.10.2010, 18:41
Swisstreasure
Moderator

Beiträge: 5694
#3 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:
Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1

Kannst Du auf Deinem Computer alle Dateien und Datei-Endungen sehen? Falls nein, bitte diese Einstellungen in den Ordneroptionen vornehmen.

Schritt 2

Systemscan mit OTL


Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
• Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Minimal-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.



• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.
Seitenanfang Seitenende
01.10.2010, 19:53
enno23
Member

Themenstarter

Beiträge: 13
#4

Code

OTL logfile created on: 01.10.2010 19:45:27 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\enno\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 193,81 Gb Free Space | 41,61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ENNO-PC
Current User Name: enno
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\enno\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Razer\Lycosa\razertra.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\enno\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:[b]64bit:[/b] - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Creative Dolby Digital Live Pack Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe (Creative Labs)
SRV - (moohelp) -- C:\Program Files (x86)\The Cleaner\mhelper.exe (MooSoft Development LLC)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (UNDPX2A) -- C:\Windows\SysNative\drivers\UNDPX2A.SYS File not found
DRV:[b]64bit:[/b] - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys File not found
DRV:[b]64bit:[/b] - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:[b]64bit:[/b] - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:[b]64bit:[/b] - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:[b]64bit:[/b] - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:[b]64bit:[/b] - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys (AnchorFree Inc)
DRV:[b]64bit:[/b] - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (nvoclk64) -- C:\Windows\SysNative\DRIVERS\nvoclk64.sys (NVIDIA Corp.)
DRV:[b]64bit:[/b] - (ESLvnic1) -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:[b]64bit:[/b] - (CYUSB) -- C:\Windows\SysNative\Drivers\CYUSB.sys (Cypress Semiconductor)
DRV:[b]64bit:[/b] - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AbilisT) -- C:\Windows\SysNative\Drivers\AbilisBdaTuner.sys (ABILIS Systems)
DRV:[b]64bit:[/b] - (NVNET55) -- C:\Windows\SysNative\DRIVERS\nvmimx64.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (ZTEusbnet) -- C:\Windows\SysNative\DRIVERS\ZTEusbnet.sys (ZTE Corporation)
DRV:[b]64bit:[/b] - (ZTEusbvoice) -- C:\Windows\SysNative\DRIVERS\ZTEusbvoice.sys (ZTE Incorporated)
DRV:[b]64bit:[/b] - (ZTEusbnmea) -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys (ZTE Incorporated)
DRV:[b]64bit:[/b] - (ZTEusbser6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys (ZTE Incorporated)
DRV:[b]64bit:[/b] - (ZTEusbmdm6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:[b]64bit:[/b] - (massfilter) -- C:\Windows\SysNative\DRIVERS\massfilter.sys (ZTE Incorporated)
DRV:[b]64bit:[/b] - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys (MCCI)
DRV:[b]64bit:[/b] - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV:[b]64bit:[/b] - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:[b]64bit:[/b] - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:[b]64bit:[/b] - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVIDIA Corp.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.30 19:07:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.30 19:07:16 | 000,000,000 | ---D | M]
 
[2009.11.27 22:19:03 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\mozilla\Extensions
[2010.08.27 07:22:42 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\mozilla\Firefox\Profiles\xydacpje.default\extensions
[2010.07.03 19:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\enno\AppData\Roaming\mozilla\Firefox\Profiles\xydacpje.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.27 07:22:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.14 04:55:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.12 22:15:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.07.26 18:41:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.26 18:41:46 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.26 18:41:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.26 18:41:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.26 18:41:46 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:[b]64bit:[/b] - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [MtdAcqu] C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe File not found
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.216.127.130 82.212.63.122
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\enno\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\enno\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.10.01 19:44:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\enno\Desktop\OTL.exe
[2010.09.30 21:27:41 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.09.30 21:27:39 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.09.30 21:27:18 | 000,472,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010.09.30 21:27:07 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.09.30 21:27:04 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.09.30 21:26:59 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.09.30 21:26:24 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.09.30 21:26:23 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.09.30 21:26:03 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.09.30 21:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.09.30 20:31:29 | 000,000,000 | ---D | C] -- C:\Users\enno\AppData\Roaming\Malwarebytes
[2010.09.30 20:31:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.30 20:31:21 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.30 20:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.30 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.09.30 19:08:49 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.09.30 19:08:48 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.09.30 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.09.30 19:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.09.30 19:05:48 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.09.30 19:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.09.28 00:03:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2010.09.28 00:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2010.09.28 00:03:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
[2010.09.28 00:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.09.26 23:38:21 | 000,000,000 | ---D | C] -- C:\Users\enno\AppData\Local\NPE
[2010.09.26 23:27:56 | 000,000,000 | ---D | C] -- C:\Users\enno\AppData\Roaming\thecleaner
[2010.09.26 23:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Cleaner
[2010.09.19 22:50:17 | 000,000,000 | ---D | C] -- C:\Users\enno\AppData\Local\ArmA 2 OA
[2010.09.14 21:56:40 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010.09.14 21:56:40 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2010.09.14 21:56:30 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2010.09.12 13:31:40 | 000,000,000 | ---D | C] -- C:\Users\enno\Documents\BFBC2
[2010.09.12 12:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2010.09.12 00:19:13 | 062,414,392 | ---- | C] (Creative Technology Ltd) -- C:\Users\enno\Desktop\CSL_PCAPP_LB_2_61_35.exe
[2010.09.12 00:08:55 | 006,002,176 | ---- | C] (Creative Technology Ltd) -- C:\Users\enno\Desktop\DDL_PCAPP_LB_3_00_06.exe
[2010.09.11 11:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2010.09.11 11:32:54 | 000,093,696 | ---- | C] (Razer Inc.) -- C:\Windows\SysNative\Lycosa.cpl
[2010.09.11 11:32:50 | 000,065,536 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\Lycosa.cpl
[2010.09.11 11:32:50 | 000,018,816 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysNative\drivers\Lycosa.sys
[2010.09.11 11:32:19 | 000,000,000 | ---D | C] -- C:\Users\enno\AppData\Roaming\InstallShield
[2010.09.08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010.09.05 15:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everest Casino
[2010.09.01 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\enno\AppData\Roaming\vlc
[2010.07.07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[13 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.10.01 19:48:42 | 008,912,896 | -HS- | M] () -- C:\Users\enno\ntuser.dat
[2010.10.01 19:44:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\enno\Desktop\OTL.exe
[2010.10.01 19:33:40 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.10.01 19:33:38 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.10.01 19:33:08 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.01 19:33:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.01 19:33:00 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.01 19:33:00 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.01 19:32:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.01 19:32:42 | 4293,435,392 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.01 07:41:24 | 000,062,412 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010.10.01 07:41:24 | 000,062,412 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010.10.01 07:41:24 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010.10.01 07:40:58 | 000,524,288 | -HS- | M] () -- C:\Users\enno\ntuser.dat{0675a97b-ea65-11de-85ab-00ff01000001}.TMContainer00000000000000000001.regtrans-ms
[2010.10.01 07:40:58 | 000,065,536 | -HS- | M] () -- C:\Users\enno\ntuser.dat{0675a97b-ea65-11de-85ab-00ff01000001}.TM.blf
[2010.10.01 07:40:53 | 002,817,857 | -H-- | M] () -- C:\Users\enno\AppData\Local\IconCache.db
[2010.10.01 07:30:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.30 21:27:42 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010.09.30 21:26:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.09.30 20:31:25 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.30 20:06:19 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.09.30 20:06:19 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.09.30 19:25:00 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.09.30 19:09:24 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.30 19:06:56 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.29 18:07:36 | 000,000,905 | ---- | M] () -- C:\Windows\win.ini
[2010.09.28 23:28:09 | 001,465,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.28 23:28:09 | 000,643,660 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.09.28 23:28:09 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.28 23:28:09 | 000,130,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.09.28 23:28:09 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.28 18:30:27 | 000,000,496 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for enno.job
[2010.09.28 00:03:08 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.09.28 00:03:06 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010.09.27 21:03:14 | 000,001,417 | ---- | M] () -- C:\Users\enno\Desktop\DivX Movies.lnk
[2010.09.25 20:16:56 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.23 19:30:45 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.09.19 22:02:49 | 000,000,221 | ---- | M] () -- C:\Users\enno\Desktop\ARMA II - Operation Arrowhead.url
[2010.09.19 11:50:17 | 000,735,889 | ---- | M] () -- C:\Users\enno\Desktop\pbsetup.zip
[2010.09.12 15:57:09 | 419,411,131 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.12 13:30:01 | 000,001,023 | ---- | M] () -- C:\Users\enno\Desktop\BFBC2Updater - Verknüpfung.lnk
[2010.09.12 13:29:51 | 000,001,008 | ---- | M] () -- C:\Users\enno\Desktop\BFBC2Game - Verknüpfung.lnk
[2010.09.12 13:24:25 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.09.12 13:24:25 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.12 11:40:39 | 000,001,796 | ---- | M] () -- C:\Users\enno\AppData\Roaming\Profile0.dat
[2010.09.12 00:19:17 | 062,414,392 | ---- | M] (Creative Technology Ltd) -- C:\Users\enno\Desktop\CSL_PCAPP_LB_2_61_35.exe
[2010.09.12 00:08:57 | 006,002,176 | ---- | M] (Creative Technology Ltd) -- C:\Users\enno\Desktop\DDL_PCAPP_LB_3_00_06.exe
[2010.09.11 23:30:53 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.09.11 23:30:53 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.09.11 23:30:53 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.09.11 23:30:53 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.09.11 11:36:11 | 000,000,913 | ---- | M] () -- C:\Users\enno\Desktop\EVGA Precision.lnk
[2010.09.08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010.09.07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.09.07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.09.07 16:54:10 | 000,472,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2010.09.07 16:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.09.07 16:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.09.07 16:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.09.07 16:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.09.07 16:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.09.05 16:36:41 | 000,013,591 | ---- | M] () -- C:\Users\enno\Documents\avatar-8248.gif
[2010.09.05 15:13:24 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\Everest Casino.lnk
[2010.09.04 20:45:49 | 000,000,221 | ---- | M] () -- C:\Users\enno\Desktop\Altitude.url
[2010.09.01 23:47:33 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.09.01 23:46:15 | 019,657,194 | ---- | M] () -- C:\Users\enno\Documents\vlc-1.1.4-win32.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[13 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.09.30 21:27:42 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010.09.30 21:26:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.09.30 21:26:34 | 000,370,002 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistMSI1418.txt
[2010.09.30 21:26:31 | 000,011,434 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistUI1418.txt
[2010.09.30 20:31:25 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.30 19:25:00 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.30 19:09:24 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.30 19:06:56 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.28 00:03:08 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.09.28 00:03:08 | 000,000,496 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for enno.job
[2010.09.28 00:03:06 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010.09.19 21:17:25 | 000,000,221 | ---- | C] () -- C:\Users\enno\Desktop\ARMA II - Operation Arrowhead.url
[2010.09.19 11:50:14 | 000,735,889 | ---- | C] () -- C:\Users\enno\Desktop\pbsetup.zip
[2010.09.12 15:37:14 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.09.12 15:37:13 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.09.12 13:30:01 | 000,001,023 | ---- | C] () -- C:\Users\enno\Desktop\BFBC2Updater - Verknüpfung.lnk
[2010.09.12 13:29:51 | 000,001,008 | ---- | C] () -- C:\Users\enno\Desktop\BFBC2Game - Verknüpfung.lnk
[2010.09.05 16:41:44 | 000,013,591 | ---- | C] () -- C:\Users\enno\Documents\avatar-8248.gif
[2010.09.05 15:13:24 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\Everest Casino.lnk
[2010.09.04 20:45:49 | 000,000,221 | ---- | C] () -- C:\Users\enno\Desktop\Altitude.url
[2010.09.01 23:47:33 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.09.01 23:46:09 | 019,657,194 | ---- | C] () -- C:\Users\enno\Documents\vlc-1.1.4-win32.exe
[2010.08.25 21:36:17 | 000,423,600 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistMSI1EC8.txt
[2010.08.25 21:36:17 | 000,011,120 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistUI1EC8.txt
[2010.08.25 20:16:11 | 000,424,686 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistMSI6179.txt
[2010.08.25 20:16:11 | 000,011,152 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistUI6179.txt
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.07.07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.07.07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.04.26 18:21:42 | 000,000,000 | ---- | C] () -- C:\Windows\MUSICE~1.INI
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.29 20:31:21 | 000,001,772 | ---- | C] () -- C:\Users\enno\AppData\Roaming\Profile1.dat
[2010.03.25 20:23:45 | 000,441,042 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistMSI34E5.txt
[2010.03.25 20:23:43 | 000,011,690 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistUI34E5.txt
[2010.02.28 23:09:10 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009.12.26 05:17:38 | 000,001,476 | ---- | C] () -- C:\Users\enno\AppData\Local\RecConfig.xml
[2009.11.18 23:19:46 | 000,436,394 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistMSI78BF.txt
[2009.11.18 23:19:46 | 000,011,410 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistUI78BF.txt
[2009.10.27 19:39:25 | 000,353,930 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistMSI1929.txt
[2009.10.27 19:39:24 | 000,011,170 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistUI1929.txt
[2009.10.19 22:32:33 | 000,436,608 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistMSI2C9E.txt
[2009.10.19 22:32:33 | 000,011,426 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistUI2C9E.txt
[2009.10.18 18:35:36 | 000,000,180 | ---- | C] () -- C:\ProgramData\Setup.log
[2009.10.18 18:33:01 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.10.18 18:33:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.10.18 18:32:21 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.10.18 18:31:59 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.10.09 19:24:24 | 000,001,796 | ---- | C] () -- C:\Users\enno\AppData\Roaming\Profile0.dat
[2009.09.24 00:43:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.24 00:42:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.21 20:12:23 | 000,139,264 | ---- | C] () -- C:\Users\enno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.28 01:28:03 | 000,009,716 | ---- | C] () -- C:\Users\enno\AppData\Roaming\TheHunterSettings.bin
[2009.07.28 01:26:33 | 000,000,043 | ---- | C] () -- C:\Users\enno\AppData\Roaming\TheHunterSettings.cfg
[2009.07.28 00:53:21 | 000,554,472 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistMSI7530.txt
[2009.07.28 00:53:19 | 000,017,260 | ---- | C] () -- C:\Users\enno\AppData\Local\dd_vcredistUI7530.txt
[2009.07.27 19:04:57 | 000,001,356 | ---- | C] () -- C:\Users\enno\AppData\Local\d3d9caps.dat
[2009.07.27 19:04:54 | 000,001,100 | ---- | C] () -- C:\Users\enno\AppData\Local\d3d8caps.dat
[2009.07.25 17:24:20 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.07.21 19:18:39 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.07.20 17:49:15 | 000,001,460 | ---- | C] () -- C:\Users\enno\AppData\Local\d3d9caps64.dat
[2009.07.01 10:12:32 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007.08.23 18:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2007.07.19 12:50:12 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010.05.05 18:00:08 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\EA
[2009.10.20 01:45:36 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\GetRightToGo
[2010.08.17 18:59:30 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\ICQ
[2010.02.28 23:12:53 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\MAGIX
[2010.01.27 21:35:40 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\PacificPoker
[2010.06.08 20:17:46 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\PC Suite
[2010.06.08 18:21:45 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\Samsung
[2009.12.26 04:09:42 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\Smart Recorder
[2009.12.26 05:07:52 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\streamripper
[2009.10.15 03:25:23 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\TeamViewer
[2010.09.26 23:27:57 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\thecleaner
[2010.05.05 18:04:45 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\TS3Client
[2010.07.16 21:58:28 | 000,000,000 | ---D | M] -- C:\Users\enno\AppData\Roaming\Vodafone
[2010.10.01 07:41:01 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
< End of report >
Seitenanfang Seitenende
01.10.2010, 20:02
enno23
Member

Themenstarter

Beiträge: 13
#5

Code

OTL Extras logfile created on: 01.10.2010 19:45:27 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\enno\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 193,81 Gb Free Space | 41,61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ENNO-PC
Current User Name: enno
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 22 D0 C9 3E 42 0D CA 01  [binary data]
"VistaSp2" = 9F FE CC 3E A5 3C CA 01  [binary data]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16BFF665-9B78-4D23-8BF1-9B20A841B3AE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{482B7674-A1D0-43BF-BD73-2BE4D6DBDB48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4DFBD077-31A9-4060-8123-058E2D1AC365}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5EA29231-E44C-4EB2-9953-F17ED4F35A73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6FC53EBD-E53D-4716-AE10-26786CE35B06}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8A811B80-E23D-4036-B635-F8D5CBC462AF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8CFB2C12-AF09-4282-ABE8-AF139AE66BE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B1DBD06E-B636-489C-8537-E2F620787B85}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C488EB67-A897-4940-A2D0-7804F25C22B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CB4863D6-6691-4A7D-9D71-F4B35D8C119A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EBCFBF-72A4-4076-AA88-334180FF15D0}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{11C5F2EA-9612-47DA-BFB5-1EBB11AC7B8B}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | 
"{17C50087-2155-4FBA-89FB-BEC802BBCF4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{1A527594-9032-42CC-AFB4-1F89D0092BCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{1F139187-7C37-4B6E-B9CD-2ACF02254F9C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{264000BC-264A-4EF7-8620-27128EDE6A13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{281CF2B8-7A5A-4323-AA28-716FA2330AF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{35035806-359B-4D87-AB93-2BDE66669119}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{3E2F1807-661B-46EB-822D-1D71F5E3CB8C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{403E0F59-02A5-4A8C-9708-8430F1004982}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe | 
"{4A662BE9-93F6-4272-98E5-BAD44EA87057}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{4C7BF0CE-654A-44A7-99D4-A022F10F9EEC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4DD4C540-1D09-426E-991E-386583265ECC}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{531003A6-AE97-47E2-A35B-621EAE35EEBB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5584BAEF-FC27-45D8-BE05-FB29F1127865}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{565E1049-5156-4E4B-B674-BA607756B702}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5E3828C3-5E55-4591-B6CD-56DDFE01D2ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe | 
"{5F2A2275-5E46-44FC-8802-E209A9ECA6C5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{60926038-7400-4B4E-9908-EEBF442587BD}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{61EBC0A1-8B94-41F0-B160-80B5C6C0BA98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe | 
"{659DA7E4-4627-40EB-9FC7-7F58936B803E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{69F70B4A-6E19-4510-A52E-13A63CFDF9AD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe | 
"{6D2642BD-C1B6-436F-898B-C17EC5F6DB06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{726EE6A1-21AE-41BA-A962-E9A08360E6D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{766DF8D3-0F7C-46C8-BA24-0E2A1823AE07}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{78FCA5F1-653C-4DF9-A2AC-7688A44E7C92}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{854397E6-3857-4550-870B-DBDC8AF02A3F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8FF7301B-E37B-440B-9E6C-E84D140F09CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{90831D65-67C9-4E27-B728-2DE01B0DBA12}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{95E54567-E38F-4DA1-BF5C-E12C5322BEDF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{9706E39D-88D8-4161-8089-960579BB92EB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe | 
"{970A1031-290C-4085-8638-78F31DC6A890}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{98C7604B-CC97-46A4-9274-091873CFF5D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{AE1A0077-6623-4B42-92B5-F435E724DCFF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{B7457564-09F6-4D87-8EC5-3DB8D2BF271A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{BB424203-068B-4EA9-92A1-8B35591299C3}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{BB9A5B8E-B5CD-4D8F-8E2C-80F08821B01D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C3399FA8-A540-46DD-8524-32711B86DE0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{C86760C1-CF3B-41F3-9BCD-600158709CDC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C8F1D5FB-A30B-4372-BDDB-C10E2CFE21F8}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising\ofdr.exe | 
"{CB7BEA4E-7E95-4D6F-A9CF-C3E23CD4A37B}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{CF144582-6BE4-4AB5-86C5-55A0B4A2C62B}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D4131697-7E1F-4896-B624-3CE8459614DA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D8590E45-A771-4D20-B458-67942B99B5CB}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DCE6DD2D-1D90-4236-85EE-4D1D5FC9E34B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe | 
"{DD81012D-A8A3-499C-86AF-16B85C3153B8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{DE0C2E9E-EA60-4B38-B64D-F21E6AA49441}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DEC26095-CDED-49E4-8FA1-59F570E1090D}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{DF231EAC-BC5F-465A-80E0-5750A8F5B0CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E2D15FB8-B24D-41D4-9402-C2C5956ECF2D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E3BE934A-75E1-491D-A6D8-CA23B46CE2F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{E9474DE8-80F1-4DD7-88B3-C462463812A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F19C5FA7-C5EB-422F-92BD-28C515022AA9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F2B36752-5CD4-48CC-B54A-89CEE5E43893}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{F2E7AB1E-9DC3-431F-BFE3-C57C26409133}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{F2F32402-9466-44DA-9FC2-0CB562ECB9BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FB2A41EE-A153-4FA6-A4DB-DAC20B1C9261}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{FD295EFC-A6F3-4DE8-9094-3E4B0DAC0FD7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"TCP Query User{083EABA5-7007-4191-AA24-13B57984F428}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{1651B8AB-721E-49C5-A232-322FBCE3DB1D}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe | 
"TCP Query User{2298E061-A166-43C1-A91B-1DEF85ECA8A9}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{26A00833-4373-4572-B6A0-D79707DC4279}C:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe | 
"TCP Query User{28E630BA-0243-4876-B097-7ADCC1F7AF9F}C:\users\enno\appdata\local\temp\247638ddf3464905afeb724eac2d8f35\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\enno\appdata\local\temp\247638ddf3464905afeb724eac2d8f35\relicdownloader.exe | 
"TCP Query User{3D3F84C8-4A3B-4CE8-AACD-EA171FA3001B}C:\program files (x86)\streamripper\wstreamripper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamripper\wstreamripper.exe | 
"TCP Query User{4CC94249-D602-46EC-BAD9-B7BD2E294046}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{577B6C33-26CD-4F5A-B52C-196C9D5C3EB7}C:\program files (x86)\streamripper\wstreamripper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamripper\wstreamripper.exe | 
"TCP Query User{5D6DBFB8-98B7-47C1-B923-35771E1BE6A7}C:\program files (x86)\graffiti studio 2.0\graffiti studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\graffiti studio 2.0\graffiti studio.exe | 
"TCP Query User{718CDCBC-870A-4A3C-9766-DC7E9FED59D5}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{75AD490F-40F7-4DD0-992A-BB066F3FCA48}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{7A6FF1C3-D524-4FD7-B72B-2B1F82A27C4A}C:\program files (x86)\steam\steamapps\enno20\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\enno20\condition zero\hl.exe | 
"TCP Query User{81AF693B-3C36-422F-9120-4DF390D33916}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{96F916EA-DF7F-4788-B757-4B4A116B5ED7}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe | 
"TCP Query User{985265AB-A92C-4D33-A987-2324890D2F38}C:\program files (x86)\electronic arts\need for speed shift\shift.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed shift\shift.exe | 
"TCP Query User{A2FDC286-8F2E-4383-8929-6A9A15AD7D46}C:\program files (x86)\common files\pctv systems\streamingserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pctv systems\streamingserver\strmserver.exe | 
"TCP Query User{A7248D1B-FA4A-4F50-9835-DD3CD1682A14}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{A7F19C30-EFAF-46B1-9070-63580E764641}C:\program files (x86)\steam\steamapps\enno20\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\enno20\counter-strike source\hl2.exe | 
"TCP Query User{B8447E5C-A5B8-4D9D-9E8F-9962AEAEB4B7}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{B88414C6-86B7-4D80-914D-4461C09D80E4}C:\program files\eslwire\wire.exe" = protocol=6 | dir=in | app=c:\program files\eslwire\wire.exe | 
"TCP Query User{BA4271EB-1AE4-44B1-A1EA-2216CC7550B5}C:\program files\bohemia interactive\arma 2\arma2.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe | 
"TCP Query User{C6190A0C-0BA0-4901-AE1F-761AEB6A24FB}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{CC999641-7226-423A-BF2D-3B4B7CFE775F}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{D2891D2B-444F-4957-BD57-AFC00AC51EC6}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{DAB5848D-F6A1-426D-85BB-7816A36C2E7B}C:\program files (x86)\emote\launcher\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emote\launcher\launcher.exe | 
"TCP Query User{E76D315A-1A4E-4265-8768-D05DCF2925C6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{01FE0390-80D9-4E01-B920-E56D887985DA}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{02D83E32-D5D6-4F48-B0C6-A678C42C5A9F}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{244C28E5-8E5C-4C1B-B4B3-E12919723240}C:\program files (x86)\steam\steamapps\enno20\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\enno20\condition zero\hl.exe | 
"UDP Query User{25C9775A-446B-48E5-9FD1-41F356ED3D8B}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe | 
"UDP Query User{2DD7EC4C-A732-4A8A-AF00-EA9CFE526606}C:\program files (x86)\steam\steamapps\enno20\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\enno20\counter-strike source\hl2.exe | 
"UDP Query User{2FE699B5-45E5-46EF-BD7C-DA71FBD266EE}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{483D0D1A-5C57-404A-A6AB-BB2AFB051B5C}C:\users\enno\appdata\local\temp\247638ddf3464905afeb724eac2d8f35\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\enno\appdata\local\temp\247638ddf3464905afeb724eac2d8f35\relicdownloader.exe | 
"UDP Query User{54E70BCA-D2A6-477E-9D8A-59078ACC9E7A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{5F86CBC8-51FD-47A0-AB8E-D1F22654CDB0}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{60DE6F52-29F9-4025-99D9-1B394FC66A7B}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{66304545-5BC8-4EF5-8B0A-1D5E5B4B129D}C:\program files (x86)\graffiti studio 2.0\graffiti studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\graffiti studio 2.0\graffiti studio.exe | 
"UDP Query User{6DB4EC2E-8FEB-43C0-B6A0-7E0D57758943}C:\program files\eslwire\wire.exe" = protocol=17 | dir=in | app=c:\program files\eslwire\wire.exe | 
"UDP Query User{74D024AE-A8AC-41B2-B07A-C7BBA6ED568A}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{75ACBBC0-145A-4835-A72C-CFA32BC96F17}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{81189211-74AC-45EF-8E05-C69A962FE933}C:\program files (x86)\streamripper\wstreamripper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamripper\wstreamripper.exe | 
"UDP Query User{86902CB1-5CCB-41FD-BB44-DE270DE260E1}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{94110E23-6C48-4C76-A6AE-069FE331A360}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{96DFB07C-581C-4F5E-BA11-BF6D502FB930}C:\program files (x86)\electronic arts\need for speed shift\shift.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed shift\shift.exe | 
"UDP Query User{C64ED9D4-7814-4575-8208-3ECBB431186D}C:\program files\bohemia interactive\arma 2\arma2.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe | 
"UDP Query User{CE7E191C-3554-403E-BC38-E15F470C81F3}C:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe | 
"UDP Query User{D0881980-B560-49C2-A2F8-BFE3728D9623}C:\program files (x86)\emote\launcher\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emote\launcher\launcher.exe | 
"UDP Query User{D9E21402-080C-4DC5-AE2A-72A527E30B5C}C:\program files (x86)\streamripper\wstreamripper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamripper\wstreamripper.exe | 
"UDP Query User{DAAB23D5-D6B5-4423-9DE1-067C3E2EE296}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe | 
"UDP Query User{DE2F6A7D-DFBB-43C7-8F18-A4C603B6E466}C:\program files (x86)\common files\pctv systems\streamingserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pctv systems\streamingserver\strmserver.exe | 
"UDP Query User{F9B245C8-78DC-4D9E-8995-23BF448DDE69}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6FAE10DFB240D4E907C9D4D0087112A6904F57BD" = Windows-Treiberpaket - Razer (CYUSB) USB  (04/09/2009 3.4.0.110)
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java(TM) 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C6ED584-9F75-4235-8718-1F35B59814E8}" = Mamba Firmware Updater 1.13
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7BE49DA7-EDA4-4C63-AA06-DCDF6858C3F3}" = Razer Mamba
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B507047A-83EA-4F7F-BEFE-0E5D78D1B5BE}" = ArcSoft WebCam Companion 2
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C22CAE88-0011-4B0F-8767-13EB422F72BC}" = EVGA SLI Enhancement Patch
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD8E4766-AD77-48F8-98F2-6E759659106F}" = theHunter
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArmA2" = ArmA2 Uninstall
"AudioCS" = Creative Audio-Systemsteuerung
"avast5" = avast! Pro Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BattlEye for OA" = BattlEye for OA Uninstall
"CoD RconTool" = CoD RconTool
"Company of Heroes" = Company of Heroes
"Data cache removal" = Data cache removal
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Emote-Launcher" = Emote-Launcher (remove only)
"Everest Casino" = Everest Casino (Remove Only)
"Everest Poker" = Everest Poker (Remove Only)
"Google Chrome" = Google Chrome
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NSS" = Norton Security Scan
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Precision" = EVGA Precision 2.0.0
"PunkBusterSvc" = PunkBuster Services
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 41300" = Altitude
"Steam App 50130" = Mafia II
"Steam App 65700" = ARMA 2: British Armed Forces
"Steam App 80" = Counter-Strike: Condition Zero
"Streamripper" = Streamripper (Remove only)
"SysInfo" = Creative Systeminformationen
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"The Cleaner_is1" = The Cleaner 2011
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 29.09.2010 14:04:36 | Computer Name = enno-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\NVIDIA Corporation\nTune\MFC80.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.09.2010 01:19:11 | Computer Name = enno-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 30.09.2010 01:19:29 | Computer Name = enno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 30.09.2010 13:24:30 | Computer Name = enno-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 6e4  Anfangszeit: 01cb60b57f53d3cc  Zeitpunkt
 der Beendigung: 69
 
Error - 30.09.2010 13:35:50 | Computer Name = enno-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\NVIDIA Corporation\nTune\MFC80.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.09.2010 13:35:51 | Computer Name = enno-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\NVIDIA Corporation\nTune\MFC80.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.09.2010 14:09:27 | Computer Name = enno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung avcenter.exe, Version 9.0.0.20, Zeitstempel 
0x4b166a29, fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.4148, Zeitstempel 
0x4a594c79, Ausnahmecode 0x40000015, Fehleroffset 0x0005bea4,  Prozess-ID 0x748, Anwendungsstartzeit
 01cb60ca9bbfc9c8.
 
Error - 30.09.2010 14:10:16 | Computer Name = enno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung avcenter.exe, Version 9.0.0.20, Zeitstempel 
0x4b166a29, fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.4148, Zeitstempel 
0x4a594c79, Ausnahmecode 0x40000015, Fehleroffset 0x0005bea4,  Prozess-ID 0xd50, Anwendungsstartzeit
 01cb60cab6f87a28.
 
Error - 30.09.2010 14:11:05 | Computer Name = enno-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung avcenter.exe, Version 9.0.0.20, Zeitstempel 
0x4b166a29, fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.4148, Zeitstempel 
0x4a594c79, Ausnahmecode 0x40000015, Fehleroffset 0x0005bea4,  Prozess-ID 0x117c, 
Anwendungsstartzeit 01cb60cad42ef658.
 
Error - 30.09.2010 15:25:24 | Computer Name = enno-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
[ System Events ]
Error - 01.10.2010 13:49:45 | Computer Name = enno-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.10.2010 13:49:45 | Computer Name = enno-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.10.2010 13:49:45 | Computer Name = enno-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.10.2010 13:49:59 | Computer Name = enno-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.10.2010 13:50:00 | Computer Name = enno-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.10.2010 13:50:00 | Computer Name = enno-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.10.2010 13:50:00 | Computer Name = enno-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.10.2010 13:50:00 | Computer Name = enno-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.10.2010 13:50:00 | Computer Name = enno-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 01.10.2010 13:50:25 | Computer Name = enno-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
Seitenanfang Seitenende
01.10.2010, 20:41
Swisstreasure
Moderator

Beiträge: 5694
#6 Schritt 1

Mehrere Anti-Virus-Programme

Code

Avast
Avira


Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast und deinstalliere die anderen.


Schritt 2

Infos zu Pokerspielen

Party Poker, PartyCasino, Ultimate Bet, EmpirePoker und andere Poker-Websites (Liste schädlicher Pokerseiten) beinhalten das Risiko, dass Du Dir beim Besuch der Seiten Malware auf den Rechner holst. In vielen Fällen werden ungefragt Plugins installiert, die weitere Parasiten "nachladen". Mir derzeit bekannte sichere Alternativen sind PokerStars und Pogo.com. Meine Empfehlung lautet, alle anderen über Systemsteuerung => Software zu deinstallieren.

Zitat

Everest Casino
PacificPoker
Schritt 3

Fixen mit OTL

• Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Kopiere folgendes Skript:

Code

:OTL
O2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup]  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
:Commands
[purity]
[emptytemp]
• und füge es hier ein:
• Schließe alle Programme.
• Klicke auf den Fix Button.
• Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
• Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.


Schritt 4

Ich hab gesehen dass Du bereits mit Malwarebytes gescannt hast. Bitte poste mir das Log von dazumal.

Schritt 5

Lade dir Lop S&D herunter. Alternativlink hier

Windows2000/XP: Führe Lop S&D.exe per Doppelklick aus.

Windows Vista und 7: Rechtsklick auf Lop S&D.exe => Ausführen als Admin!!

Wähle die Sprache deiner Wahl und anschließend die Option 1.
Warte bis der Scanbericht erstellt wird und poste ihn hier (Du findest ihn unter C:\lopR.txt, sollte der Bericht nicht erscheinen).
Seitenanfang Seitenende
01.10.2010, 22:10
enno23
Member

Themenstarter

Beiträge: 13
#7

Code

All processes killed
Error: Unable to interpret <:OTLO2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not foundO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O4 - HKLM..\Run: [NPSStartup]  File not foundO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\Shell - "" = AutoRunO33 - MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not foundO33 - MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\Shell - "" = Aut> in the current context!
Error: Unable to interpret <oRunO33 - MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not foundO33 - MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\Shell - "" = AutoRunO33 - MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found:Commands[purity][emptytemp]> in the current context!
 
OTL by OldTimer - Version 3.2.14.1 log created on 10012010_215949

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Seitenanfang Seitenende
01.10.2010, 22:12
enno23
Member

Themenstarter

Beiträge: 13
#8

Code

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4724

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

01.10.2010 07:18:15
mbam-log-2010-10-01 (07-18-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 322102
Laufzeit: 2 Stunde(n), 40 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Seitenanfang Seitenende
01.10.2010, 22:16
enno23
Member

Themenstarter

Beiträge: 13
#9

Code


   --------------------\\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft® Windows Vista™ Home Premium  ( v6.0.6002 ) Service Pack 2
   x64-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : enno ( Administrator )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:465 Go (Free:193 Go)
   D:\ (CD or DVD)
   E:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 01.10.2010|22:14 )

   [ UAC => 1 ]
 
   --------------------\\  Ordner Verzeichnis unter Local

   [16.07.2010|21:56] C:\Users\enno\AppData\Local\{AADEF95F-E36B-426E-B7B1-70E7D4F6AA5B}
   [27.08.2010|07:25] C:\Users\enno\AppData\Local\2K Games
   [25.08.2010|21:52] C:\Users\enno\AppData\Local\76561197985352270
   [23.01.2010|06:21] C:\Users\enno\AppData\Local\Adobe
   [20.07.2009|17:49] C:\Users\enno\AppData\Local\Anwendungsdaten 
   [23.09.2009|18:46] C:\Users\enno\AppData\Local\Apple
   [06.03.2010|15:23] C:\Users\enno\AppData\Local\Apple Computer
   [23.01.2010|14:24] C:\Users\enno\AppData\Local\Apps
   [02.12.2009|00:00] C:\Users\enno\AppData\Local\ArcSoft
   [20.09.2010|21:17] C:\Users\enno\AppData\Local\ArmA 2
   [26.09.2010|17:53] C:\Users\enno\AppData\Local\ArmA 2 OA
   [23.01.2010|10:07] C:\Users\enno\AppData\Local\d3d8caps.dat
   [23.01.2010|10:07] C:\Users\enno\AppData\Local\d3d9caps.dat
   [27.07.2009|19:05] C:\Users\enno\AppData\Local\d3d9caps64.dat
   [15.08.2010|00:47] C:\Users\enno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [30.09.2010|21:26] C:\Users\enno\AppData\Local\dd_vcredistMSI1418.txt
   [27.10.2009|19:39] C:\Users\enno\AppData\Local\dd_vcredistMSI1929.txt
   [25.08.2010|21:36] C:\Users\enno\AppData\Local\dd_vcredistMSI1EC8.txt
   [19.10.2009|22:32] C:\Users\enno\AppData\Local\dd_vcredistMSI2C9E.txt
   [25.03.2010|20:24] C:\Users\enno\AppData\Local\dd_vcredistMSI34E5.txt
   [25.08.2010|20:16] C:\Users\enno\AppData\Local\dd_vcredistMSI6179.txt
   [28.07.2009|00:53] C:\Users\enno\AppData\Local\dd_vcredistMSI7530.txt
   [18.11.2009|23:20] C:\Users\enno\AppData\Local\dd_vcredistMSI78BF.txt
   [30.09.2010|21:26] C:\Users\enno\AppData\Local\dd_vcredistUI1418.txt
   [27.10.2009|19:39] C:\Users\enno\AppData\Local\dd_vcredistUI1929.txt
   [25.08.2010|21:36] C:\Users\enno\AppData\Local\dd_vcredistUI1EC8.txt
   [19.10.2009|22:32] C:\Users\enno\AppData\Local\dd_vcredistUI2C9E.txt
   [25.03.2010|20:24] C:\Users\enno\AppData\Local\dd_vcredistUI34E5.txt
   [25.08.2010|20:16] C:\Users\enno\AppData\Local\dd_vcredistUI6179.txt
   [28.07.2009|00:53] C:\Users\enno\AppData\Local\dd_vcredistUI7530.txt
   [18.11.2009|23:20] C:\Users\enno\AppData\Local\dd_vcredistUI78BF.txt
   [05.05.2010|18:00] C:\Users\enno\AppData\Local\Deployment
   [02.12.2009|00:12] C:\Users\enno\AppData\Local\desktop.ini
   [08.06.2010|20:30] C:\Users\enno\AppData\Local\Downloaded Installations
   [19.04.2010|19:24] C:\Users\enno\AppData\Local\GDIPFONTCACHEV1.DAT
   [29.11.2009|17:06] C:\Users\enno\AppData\Local\Google
   [01.10.2010|22:00] C:\Users\enno\AppData\Local\IconCache.db
   [02.08.2010|20:50] C:\Users\enno\AppData\Local\Microsoft
   [27.11.2009|22:18] C:\Users\enno\AppData\Local\Mozilla
   [26.09.2010|23:42] C:\Users\enno\AppData\Local\NPE
   [28.08.2010|19:55] C:\Users\enno\AppData\Local\NVIDIA Corporation
   [28.11.2009|17:28] C:\Users\enno\AppData\Local\PCTV Systems
   [01.02.2010|19:45] C:\Users\enno\AppData\Local\PunkBuster
   [26.12.2009|05:17] C:\Users\enno\AppData\Local\RecConfig.xml
   [20.08.2010|20:58] C:\Users\enno\AppData\Local\Rockstar Games
   [01.10.2010|22:13] C:\Users\enno\AppData\Local\Temp
   [20.07.2009|17:49] C:\Users\enno\AppData\Local\Temporary Internet Files 
   [20.08.2010|20:51] C:\Users\enno\AppData\Local\Unity
   [20.07.2009|17:49] C:\Users\enno\AppData\Local\Verlauf 
   [28.11.2009|19:46] C:\Users\enno\AppData\Local\VirtualStore
   [12.10.2009|21:04] C:\Users\enno\AppData\Local\WindowsUpdate
   [04.07.2010|17:35] C:\Users\enno\AppData\Local\WOP
   [24|Datei(en),] C:\Users\enno\AppData\Local\Bytes
   [30|Verzeichnis(se),] C:\Users\enno\AppData\Local\Bytes frei
 
   --------------------\\  Geplante Aufgaben unter C:\Windows\Tasks

   [01.10.2010 21:30][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
   [01.10.2010 22:01][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
   [01.10.2010 22:01][--ah-----] C:\Windows\tasks\SA.DAT
   [01.10.2010 22:00][--a------] C:\Windows\tasks\SCHEDLGU.TXT

   --------------------\\  Ordner Verzeichnis unter C:\ProgramData
   
   [23.09.2009|18:48] C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
   [31.03.2010|21:20] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
   [02.02.2010|09:44] C:\ProgramData\Adobe
   [30.09.2010|21:26] C:\ProgramData\Alwil Software
   [20.07.2009|17:46] C:\ProgramData\Anwendungsdaten 
   [23.09.2009|18:48] C:\ProgramData\Apple
   [23.09.2009|18:47] C:\ProgramData\Apple Computer
   [02.11.2006|17:42] C:\ProgramData\Application Data 
   [30.09.2010|07:20] C:\ProgramData\ArcSoft
   [26.12.2009|05:23] C:\ProgramData\AVS4YOU
   [30.12.2009|07:43] C:\ProgramData\Codemasters
   [12.03.2010|21:43] C:\ProgramData\Creative
   [18.10.2009|18:38] C:\ProgramData\Creative Labs
   [02.11.2006|17:42] C:\ProgramData\Desktop 
   [27.09.2010|21:03] C:\ProgramData\DivX
   [02.11.2006|17:42] C:\ProgramData\Documents 
   [20.07.2009|17:46] C:\ProgramData\Dokumente 
   [12.09.2010|12:08] C:\ProgramData\EA Logs
   [25.05.2010|19:21] C:\ProgramData\Emote
   [20.07.2009|17:46] C:\ProgramData\Favoriten 
   [02.11.2006|17:42] C:\ProgramData\Favorites 
   [16.07.2010|21:56] C:\ProgramData\FLEXnet
   [21.12.2009|00:14] C:\ProgramData\G DATA
   [20.08.2010|22:28] C:\ProgramData\Google
   [12.03.2010|21:01] C:\ProgramData\MAGIX
   [30.09.2010|20:31] C:\ProgramData\Malwarebytes
   [10.12.2009|22:22] C:\ProgramData\McAfee
   [15.02.2010|22:07] C:\ProgramData\Media Center Programs
   [04.06.2010|16:40] C:\ProgramData\Microsoft
   [01.10.2010|21:38] C:\ProgramData\Norton
   [14.06.2010|18:49] C:\ProgramData\NortonInstaller
   [30.09.2010|19:25] C:\ProgramData\ntuser.pol
   [01.10.2010|21:28] C:\ProgramData\NVIDIA
   [24.06.2010|23:20] C:\ProgramData\NVIDIA Corporation
   [01.10.2010|22:01] C:\ProgramData\nvModes.001
   [01.10.2010|22:01] C:\ProgramData\nvModes.dat
   [20.10.2009|01:44] C:\ProgramData\PC Drivers HeadQuarters
   [08.06.2010|20:17] C:\ProgramData\PC Suite
   [20.08.2010|20:54] C:\ProgramData\PCTV Systems
   [11.09.2010|11:35] C:\ProgramData\Razer
   [18.10.2009|18:37] C:\ProgramData\Setup.log
   [10.10.2009|22:02] C:\ProgramData\Skype
   [02.11.2006|17:42] C:\ProgramData\Start Menu 
   [20.07.2009|17:46] C:\ProgramData\Startmenü 
   [04.04.2010|20:33] C:\ProgramData\Sun
   [01.10.2010|21:38] C:\ProgramData\Symantec
   [02.11.2006|17:42] C:\ProgramData\Templates 
   [16.07.2010|21:57] C:\ProgramData\Vodafone
   [20.07.2009|17:46] C:\ProgramData\Vorlagen 
   [04.07.2010|17:35] C:\ProgramData\WOP
   [01.10.2010|04:10] C:\ProgramData\Xfire
   [4|Datei(en),] C:\ProgramData\Bytes
   [49|Verzeichnis(se),] C:\ProgramData\Bytes frei
Seitenanfang Seitenende
01.10.2010, 22:17
enno23
Member

Themenstarter

Beiträge: 13
#10 hab avast genommen weil antivir nicht so gut ist. und ausserdem wurde gerade eben noch ein rootkit gefunden
Seitenanfang Seitenende
01.10.2010, 22:21
Swisstreasure
Moderator

Beiträge: 5694
#11 Du hast Das Script bei OTL nicht richtig angewendet. Kopiere nur das was in der Codebox steht!
Seitenanfang Seitenende
01.10.2010, 22:31
enno23
Member

Themenstarter

Beiträge: 13
#12

Code

All processes killed
Error: Unable to interpret <:OTLO2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not foundO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O4 - HKLM..\Run: [NPSStartup]  File not foundO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)O32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\Shell - "" = AutoRunO33 - MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not foundO33 - MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\Shell - "" = Aut> in the current context!
Error: Unable to interpret <oRunO33 - MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not foundO33 - MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\Shell - "" = AutoRunO33 - MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found:Commands[purity][emptytemp]> in the current context!
 
OTL by OldTimer - Version 3.2.14.1 log created on 10012010_222704

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Seitenanfang Seitenende
02.10.2010, 22:02
Swisstreasure
Moderator

Beiträge: 5694
#13 Irgdend etwas kopierst Du falsch.

Zitat

:OTL
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
:Commands
[purity]
[emptytemp]
Schau dass wirklich nur das in der Box steht was hier oben in der Box steht.
Seitenanfang Seitenende
03.10.2010, 23:17
enno23
Member

Themenstarter

Beiträge: 13
#14

Code

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{731abb4f-90f9-11df-8ffc-00ff01000001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{731abb4f-90f9-11df-8ffc-00ff01000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{731abb4f-90f9-11df-8ffc-00ff01000001}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c00b27ea-7636-11de-b79c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c00b27ea-7636-11de-b79c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c00b27ea-7636-11de-b79c-806e6f6e6963}\ not found.
File D:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c792b957-08f4-11df-abfe-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c792b957-08f4-11df-abfe-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c792b957-08f4-11df-abfe-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
 
User: Default User
 
User: enno
->Temp folder emptied: 2000 bytes
->Temporary Internet Files folder emptied: 252022301 bytes
->Java cache emptied: 68438231 bytes
->FireFox cache emptied: 51929295 bytes
->Google Chrome cache emptied: 9809488 bytes
->Apple Safari cache emptied: 12555264 bytes
->Flash cache emptied: 64947 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 9902134 bytes
%systemroot%\System32 (64bit) .tmp files removed: 4479945 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3239514113 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51862 bytes
RecycleBin emptied: 1086694162 bytes
 
Total Files Cleaned = 4.517,00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 10032010_231302

Files\Folders moved on Reboot...
File\Folder C:\Users\enno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQ2GYL1H\openmail.app[1].htm not found!
File\Folder C:\Users\enno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YJIE21QE\t40411[1].htm not found!
File\Folder C:\Users\enno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YJIE21QE\uApB9KV_hxl[1].js not found!
File\Folder C:\Users\enno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YJIE21QE\WI6-F8C3sFE[1].js not found!
File move failed. C:\Windows\SysNative\SET3B.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET4A39.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET7540.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET8461.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET84F0.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET8570.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET9F95.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETC5A.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETDD9.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETE085.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETE5E7.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETF6EC.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SETF927.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Seitenanfang Seitenende
04.10.2010, 10:21
Swisstreasure
Moderator

Beiträge: 5694
#15 Geht doch ;)

Wie läufts mit dem Player?
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 12