
Pests of all kinds and how to combat them: Antimalware Doctor


07.09.2010, 15:26   #1
nero08

Antimalware Doctor



Hi all!!!

Unfortunately I've caught something, or rather my PC has. I followed the instructions.

1.) Iexplore:

Code:
This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 
Ran as *** on 07.09.2010 at 16:11:33. 


Services Stopped:


Processes terminated by Rkill or while it was running: 




Rkill completed on 07.09.2010  at 16:11:36.
         
2.) Anti- Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4561

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

07.09.2010 15:39:28
mbam-log-2010-09-07 (15-39-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|)
Durchsuchte Objekte: 776263
Laufzeit: 1 Stunde(n), 58 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 27

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Trojan.Agent.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lt4tmf (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\geurge.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\***\AppData\Local\Temp\doa546.exe (Backdoor.Bot) -> No action taken.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
C:\Users\***\AppData\Local\Temp\7619,062.exe (Trojan.Dropper) -> No action taken.
C:\Users\***\AppData\Local\Temp\awttsvlg.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\jytr.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Local\Temp\lnudls.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\nwmxaecrso.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\***\AppData\Local\Temp\remacsnowx.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\sxcfgslr.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\thuurs.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\***\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> No action taken.
I:\fun.xls.exe (Worm.AutoRun) -> No action taken.
I:\Software - CD\Freeripmp3\freeripmp3.exe (Adware.MyWay) -> No action taken.
I:\System Volume Information\_restore{8A678CD9-BC47-45B9-B58C-B964E2B82263}\RP200\A0058960.exe (Worm.AutoRun) -> No action taken.
I:\System Volume Information\_restore{CFB6E64A-5D4B-4564-98E3-77EC49187E45}\RP12\A0004309.exe (Worm.AutoRun) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Roaming\49B403C00339D9F911D0257CF39FD721\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.
         
3.)CCleaner

I ran it until there were no more errors in the registry

4.) RSIT

Code:
info.txt logfile of random's system information tool 1.08 2010-09-07 16:07:18

======Uninstall list======

-->MsiExec /X{11AE6807-50D2-4F59-82B3-2C3E695E94C2}
3DVIA player 5.0-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
AI Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x7 
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files (x86)\AskBarDis\unins000.exe"
Aspell 0.6 Dictionary (Language: de)-->"C:\ProgramData\Aspell\Dictionaries\Uninstall-AspellDict-de.exe"
Aspell Data-->"C:\ProgramData\Aspell\Uninstall-AspellData.exe"
ASUSUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x7 
BitTorrent-->D:\Program Files (x86)\BitTorrent\uninst.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner-->"D:\Program Files (x86)\CCleaner\uninst.exe"
Command & Conquer(TM) Generäle-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32} 
Command and Conquer(TM) Generäle Die Stunde Null -->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} 
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"E:\Games\Company of Heroes\Uninstall_German.exe"
Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
Dev-C++ 5 beta 9 release (4.9.9.2)-->"E:\Dev-Cpp\uninstall.exe"
Die Gilde - Gaukler, Gruften und Geschütze-->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Gilde 2 - Die Seeräuber der Hanse-->E:\Program Files (x86)\Die Gilde 2 - Die Seeräuber der Hanse\uninstall.exe
Die Gilde 2-->C:\Windows\unvise32.exe E:\Programme\Die Gilde 2\uninstal.log
Die Gilde Addon Update v. 2.06 -->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Gilde Update v1.04a-->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Schlacht um Mittelerde™ II-->E:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EA Download Manager-->E:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe
EVEREST Ultimate Edition v5.30-->"D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
FileZilla Client 3.2.7.1-->D:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Freelancer-->"E:\Program Files (x86)\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
FUSSBALL MANAGER 10-->E:\Program Files (x86)\EA SPORTS\FUSSBALL MANAGER 10\eauninstall.exe
GameCenter 1.3.0.5-->"C:\Program Files (x86)\Cyanide\GameCenter\unins000.exe"
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\Windows\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)-->C:\Windows\SysWOW64\msiexec.exe /package {D7DAD1E4-45F4-3B2B-899A-EA728167EC4F} /uninstall {06694B0F-B778-4E13-B841-4FF9CC81D0C5} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)-->C:\Windows\SysWOW64\msiexec.exe /package {D7DAD1E4-45F4-3B2B-899A-EA728167EC4F} /uninstall {E1404B9C-5F36-406A-B720-70FA3F242B7B} /qb+ REBOOTPROMPT=""
Java Media Framework 2.1.1a-->C:\Windows\IsUninst.exe -f"D:\Program Files (x86)\JMF2.1.1\Uninst.isu"
Java MP3 PlugIn-->C:\Windows\IsUninst.exe -f"D:\Program Files (x86)\Java\jre6\Uninst.isu"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013F0}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
LyX 1.6.4-1-->"E:\Lyx\Uninstall-LyX.exe"
Malwarebytes' Anti-Malware-->"D:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
MathPlayer-->C:\Program Files (x86)\Design Science\MathPlayer\Setup.exe -u
Microsoft Document Explorer 2008-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Flight Simulator X Service Pack 1-->C:\Windows\SysWOW64\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {7FB5887E-FA27-4CDC-BBA4-146487E789FA} /package {F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Flight Simulator X Service Pack 2-->MsiExec.exe /X{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}
Microsoft Flight Simulator X-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC} 
Microsoft Flight Simulator X-->MsiExec.exe /X{F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0409-0000-0000000FF1CE} /uninstall {E1044ED2-E4AD-4B39-B500-31109750F6B4}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {519D9F45-CBF4-4E57-B419-11F196CCA8AE}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU-->E:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MiKTeX 2.7-->"E:\Program Files (x86)\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "E:\Program Files (x86)\MiKTeX 2.7\miktex\config\uninstall.dat"
Mozilla Firefox (3.5.6)-->D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\setup.exe -runfromtemp -l0x0009 -removeonly
NHL™ 09-->MsiExec.exe /X{827B97A9-B347-4110-9F89-37AF2B758F94}
Norton Security Scan-->C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X
NVIDIA PhysX v8.05.26-->MsiExec.exe /X{11AE6807-50D2-4F59-82B3-2C3E695E94C2}
Packet Tracer 5.1-->"D:\Program Files (x86)\Packet Tracer 5.1\unins000.exe"
Patch v4.1-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins001.exe"
ProtectDisc Driver, Version 11-->C:\Program Files (x86)\ProtectDisc Driver Installer\uninstall_v11.exe
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio 2007 (KB982127)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {AA3200A8-BD90-4763-B7D0-27DFBFB8DD71}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Star Wars Empire at War-->C:\Program Files (x86)\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\setup.exe -runfromtemp -l0x0007 -removeonly
Star Wars: The Force Unleashed-->"E:\Program Files (x86)\Activision\Star Wars The Force Unleashed\unins000.exe"
Steamless Left4Dead2 Pack-->E:\Program Files (x86)\Steamless Left4Dead2 Pack\uninstall.exe
TeleTeachingTool-->"D:\Program Files (x86)\TeleTeachingTool\Uninstall.exe" "D:\Program Files (x86)\TeleTeachingTool\install.log"
The Guild 2 - Renaissance-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins000.exe"
The Guild 2 - Renaissance-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins002.exe"
TmNationsForever Update 2010-03-15-->"E:\Program Files (x86)\TmNationsForever\unins000.exe"
Tour de France 2010 - Der offizielle Radsport-Manager Version 1-->"E:\Program Files (x86)\Cyanide\Pro Cycling Manager - Season 2010\unins000.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409  -removeonly
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Visio 2007 Help (KB963666)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Visual Studio 2005 Tools for Office Second Edition Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
VLC media player 1.0.1-->D:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinRAR-->D:\Program Files (x86)\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-18_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100451
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-16_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100450
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Athlon-7850
Event Code: 4373
Message: Windows-Wartung hat das Paket KB977816(Security Update) erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 100449
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-22_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100448
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-21_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100447
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: Athlon-7850
Event Code: 1005
Message: Ergebnis der Inanspruchnahme von Windows-Rechten: hr=0x0

Record Number: 35501
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User: 

Computer Name: Athlon-7850
Event Code: 1003
Message: Softwarelizenzierungsdienst hat die Überprüfung des Lizenzierungsstatus abgeschlossen.
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
Lizenzierungsstatus=

Record Number: 35500
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User: 

Computer Name: Athlon-7850
Event Code: 1033
Message: Die Richtlinien werden ausgeschlossen, da sie nur mit dem override-only-Attribut definiert wurden.
Richtliniennamen=(IIS-W3SVC-MaxConcurrentRequests) (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w) 
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
SKU-ID=f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
Record Number: 35499
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User: 

Computer Name: Athlon-7850
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  


Record Number: 35498
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100303214718.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Athlon-7850
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 35497
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100303214718.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: Athlon-7850
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		ATHLON-7850$
	Kontodomäne:		NETZWERK
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-20
	Kontoname:		NETZWERKDIENST
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e4
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x2b8
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 17622
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.964144-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Athlon-7850
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 17621
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Athlon-7850
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		ATHLON-7850$
	Kontodomäne:		NETZWERK
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x2b8
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 17620
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Athlon-7850
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		ATHLON-7850$
	Kontodomäne:		NETZWERK
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x2b8
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Netzwerkadresse:	-
	Port:			-

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 17619
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Athlon-7850
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.

	Anzahl von Elementen:	0
	Richtlinienkennung:	0x146dc
Record Number: 17618
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.667742-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=E:\Program Files (x86)\MiKTeX 2.7\miktex\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"VS90COMNTOOLS"=e:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\Tools\
"RGSCLauncher"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club
"RGSC"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;D:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
         

Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-09-07 16:07:13
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 9 GB (17%) free of 52 GB
Total RAM: 8190 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:07:17, on 07.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\rundll32.exe
D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe
D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
D:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
E:\Eigene Dateien\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe"
O4 - HKLM\..\Run: [QFan Help] "D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nxasocewrm.exe] "C:\Users\***\AppData\Local\Temp\nxasocewrm.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [byivqr] RUNDLL32.EXE C:\Users\***\AppData\Local\Temp\msllhsjn.dll,w
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-416053540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9BC827-1B38-4705-9949-BBEAE13D0DB2}: NameServer = 195.3.96.67 213.33.98.136
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10384 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for ***.job
C:\Windows\tasks\User_Feed_Synchronization-{4C930AB4-14B1-4E60-A93F-1FEE84B26496}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-28 61440]
"Ai Nap"=D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe [2008-12-22 1953280]
"QFan Help"=D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [2008-05-06 594432]
"Cpu Level Up help"=D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
"Adobe Reader Speed Launcher"=D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-09-01 421160]
"SunJavaUpdateSched"=D:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"nxasocewrm.exe"=C:\Users\***\AppData\Local\Temp\nxasocewrm.exe [2010-09-07 48128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"AlcoholAutomount"=D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-24 203416]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"RGSC"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2010-03-14 306088]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13 26192168]
"DAEMON Tools Pro Agent"=E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2010-04-15 427328]
"byivqr"=C:\Users\***\AppData\Local\Temp\msllhsjn.dll [2010-09-07 36865]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NETGEAR WG111T Smart Wizard.lnk - D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files (x86)\BitTorrent\bittorrent.exe"="D:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-07 16:07:13 ----D---- C:\rsit
2010-09-07 16:07:13 ----D---- C:\Program Files (x86)\trend micro
2010-09-07 13:38:10 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-09-07 13:38:03 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-09-07 13:38:02 ----D---- C:\ProgramData\Malwarebytes
2010-09-07 13:02:01 ----A---- C:\Windows\SysWOW64\3356018.BAT
2010-09-07 13:01:39 ----D---- C:\Users\***\AppData\Roaming\49B403C00339D9F911D0257CF39FD721
2010-09-06 16:32:18 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\java.exe
2010-09-03 23:40:25 ----D---- C:\Program Files (x86)\Java
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jsound.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvh263.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvfw.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvcm.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmutil.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmpegv.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmpa.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmci.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmjpeg.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmh263enc.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmh261.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmgsm.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmgdi.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmg723.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmfjawt.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmddraw.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmdaudc.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmdaud.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmcvid.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmam.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmacm.dll
2010-09-03 20:31:13 ----A---- C:\Windows\IsUninst.exe
2010-09-02 12:55:46 ----D---- C:\Program Files (x86)\iTunes
2010-09-02 12:53:34 ----D---- C:\Program Files (x86)\QuickTime
2010-09-02 12:51:02 ----D---- C:\Program Files (x86)\Bonjour
2010-08-30 21:47:13 ----D---- C:\ProgramData\Symantec
2010-08-30 21:47:13 ----D---- C:\ProgramData\Norton
2010-08-30 21:47:13 ----D---- C:\Program Files (x86)\Norton Security Scan
2010-08-30 21:47:12 ----D---- C:\ProgramData\NortonInstaller
2010-08-30 21:47:12 ----D---- C:\Program Files (x86)\NortonInstaller
2010-08-30 19:28:56 ----D---- C:\ProgramData\EA Logs
2010-08-25 21:27:01 ----D---- C:\Users\***\AppData\Roaming\The Creative Assembly
2010-08-25 17:42:16 ----D---- C:\Program Files (x86)\Design Science
2010-08-17 13:42:46 ----D---- C:\Program Files (x86)\The Guild 2 - Renaissance
2010-08-16 15:49:04 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-08-16 15:48:32 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-08-16 15:48:11 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-08-16 15:48:11 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-08-16 15:48:10 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-08-16 15:48:09 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\occache.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iesetup.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iernonce.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ie4uinit.exe
2010-08-16 15:48:07 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-16 15:48:07 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-08-16 15:48:03 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-08-16 15:47:57 ----A---- C:\Windows\SysWOW64\schannel.dll

======List of files/folders modified in the last 1 months======

2010-09-07 16:07:16 ----D---- C:\Windows\Temp
2010-09-07 16:07:13 ----RD---- C:\Program Files (x86)
2010-09-07 15:54:51 ----D---- C:\Windows\Debug
2010-09-07 15:54:51 ----D---- C:\Windows
2010-09-07 15:44:02 ----D---- C:\Windows\SysWOW64
2010-09-07 13:38:03 ----D---- C:\Windows\SysWOW64\drivers
2010-09-07 13:38:02 ----HD---- C:\ProgramData
2010-09-07 13:12:20 ----D---- C:\Windows\Prefetch
2010-09-07 13:01:36 ----SHD---- C:\Windows\Installer
2010-09-07 12:15:50 ----SHD---- C:\System Volume Information
2010-09-07 12:11:14 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-09-06 20:16:31 ----SD---- C:\Windows\Downloaded Program Files
2010-09-06 16:32:18 ----D---- C:\Program Files (x86)\Common Files
2010-09-05 15:19:11 ----D---- C:\ProgramData\DivX
2010-09-05 15:19:11 ----D---- C:\Program Files (x86)\DivX
2010-09-05 15:19:11 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2010-09-03 21:31:31 ----D---- C:\Users\***\AppData\Roaming\vlc
2010-09-03 11:45:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-09-02 12:55:47 ----RD---- C:\Program Files
2010-09-02 12:55:46 ----D---- C:\ProgramData\Apple Computer
2010-09-02 12:55:46 ----D---- C:\Program Files (x86)\Common Files\Apple
2010-09-02 12:52:16 ----D---- C:\Windows\inf
2010-09-02 12:51:02 ----D---- C:\Windows\System32
2010-09-01 15:25:07 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-08-31 20:58:26 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2010-08-30 21:47:18 ----D---- C:\Windows\Tasks
2010-08-30 19:24:29 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-30 19:18:11 ----D---- C:\Windows\Minidump
2010-08-26 01:16:09 ----D---- C:\Users\***\AppData\Roaming\BitTorrent
2010-08-25 20:52:30 ----RSD---- C:\Windows\assembly
2010-08-25 17:42:16 ----RSD---- C:\Windows\Fonts
2010-08-24 19:42:09 ----D---- C:\Users\***\AppData\Roaming\temp
2010-08-17 12:32:47 ----D---- C:\Windows\winsxs
2010-08-17 12:28:02 ----D---- C:\Windows\Microsoft.NET
2010-08-17 12:19:52 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-17 12:19:49 ----D---- C:\Program Files (x86)\Windows Mail
2010-08-17 12:19:48 ----D---- C:\Windows\SysWOW64\migration
2010-08-16 22:00:06 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys []
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys []
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys []
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys []
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\Windows\System32\drivers\sfsync04.sys []
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys []
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys []
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh64.sys []
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-04-08 70400]
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2003-09-06 6944]
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
S1 acedrv07;acedrv07; \??\C:\Windows\system32\drivers\acedrv07.sys []
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-04-08 54272]
S1 SSHDRV59;SSHDRV59; \??\C:\Windows\system32\drivers\SSHDRV59.sys [2010-02-13 35840]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S3 a2shxq3i;a2shxq3i; C:\Windows\SysWOW64\drivers\a2shxq3i.sys []
S3 asb6kma2;asb6kma2; C:\Windows\SysWOW64\drivers\asb6kma2.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50a64.sys []
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50a64.sys []
S3 PCD59X2;PCD59X2; \??\C:\Users\***\AppData\Local\Temp\PCD59X2.sys []
S3 PCD59X3;PCD59X3; \??\C:\Users\***\AppData\Local\Temp\PCD59X3.sys []
S3 PCD59X4;PCD59X4; \??\C:\Users\***\AppData\Local\Temp\PCD59X4.sys []
S3 PCD59X5;PCD59X5; \??\C:\Users\***\AppData\Local\Temp\PCD59X5.sys []
S3 PCD59X6;PCD59X6; \??\C:\Users\***\AppData\Local\Temp\PCD59X6.sys []
S3 PCD59X7;PCD59X7; \??\C:\Users\***\AppData\Local\Temp\PCD59X7.sys []
S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service; C:\Windows\system32\DRIVERS\WG111Tvx.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 xnacc;Treiberdienst XBOX 360-Controller für Windows; C:\Windows\system32\DRIVERS\xnacc.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-12-26 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-12-26 103736]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 932640]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe svc []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688]

-----------------EOF-----------------
         

Am I clean now?

Thanks for your help!!!

Best regards

07.09.2010, 15:29   #2
cosinus

Quote:
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
What's this here? Where did you get this Ubisoft thing from?

07.09.2010, 15:36   #3
nero08

Quote:
Quote from cosinus:
What's this here? Where did you get this Ubisoft thing from?
Hmm.. no idea, I recently bought Napoleon Total War, and I think Ubisoft came with it.

So it probably comes from some game.

But that wasn't the cause. What's also important is that the problem appeared after visiting a site with a stream. I was looking for a stream of the U21 match because ORF isn't broadcasting it. It looked quite reasonable. I was only asked whether I wanted to run Windows Media Player.

After that I was also on another site, which I think it more likely came from, but there I did nothing except click Cancel.

Best regards

07.09.2010, 15:58   #4
cosinus

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

07.09.2010, 16:52   #5
nero08

I'm having problems posting the message!!

Thanks for your help!

Code:
OTL logfile created on: 07.09.2010 17:05:45 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = E:\Eigene Dateien\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51,27 Gb Total Space | 8,50 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
Drive D: | 23,26 Gb Total Space | 21,14 Gb Free Space | 90,89% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 18,86 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
Drive F: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 335,35 Gb Total Space | 3,53 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
 
Computer Name: ATHLON-7850
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe ()
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
PRC - D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Users\****\AppData\Local\Temp\msllhsjn.dll ()
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe (Protection Technology)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MSSQLSERVER) SQL Server (MSSQLSERVER) -- D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SSHDRV59) -- C:\Windows\SysNative\drivers\SSHDRV59.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (appdrv01) Application Driver (01) -- C:\Windows\SysNative\Drivers\appdrv01.sys (Protection Technology)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\SysNative\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (WG111T) -- C:\Windows\SysNative\DRIVERS\WG111Tvx.sys (Atheros Communications, Inc.)
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (SSHDRV59) -- C:\Windows\SysWOW64\drivers\SSHDRV59.sys ()
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.laola1.at/hxxp://www.google.at/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010.09.02 12:54:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.02 12:54:09 | 000,000,000 | ---D | M]
 
[2009.10.05 21:40:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Extensions
[2009.06.30 23:17:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\extensions
[2009.06.30 23:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.08.30 19:17:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions
[2010.08.06 19:16:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.30 19:17:03 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.08.06 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\DTToolbar@toolbarnet.com
[2009.10.06 17:03:36 | 000,000,894 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\searchplugins\conduit.xml
[2009.12.06 14:38:59 | 000,002,055 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\searchplugins\daemon-search.xml
 
O1 HOSTS File: ([2010.09.07 13:30:16 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ai Nap] D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [nxasocewrm.exe] C:\Users\****\AppData\Local\Temp\nxasocewrm.exe ()
O4 - HKLM..\Run: [QFan Help] D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [byivqr] C:\Users\****\AppData\Local\Temp\msllhsjn.DLL ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-416053540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.21 22:00:00 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\Shell\AutoRun\command - "" = H:\
O33 - MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\Shell - "" = AutoRun
O33 - MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\Shell - "" = AutoRun
O33 - MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\Shell\AutoRun\command - "" = H:\Launcher.exe -- File not found
O33 - MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\Shell - "" = AutoRun
O33 - MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\Shell\AutoRun\command - "" = G:\Installer.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.07 16:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.09.07 16:07:13 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.07 14:13:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2010.09.07 14:12:05 | 003,427,248 | ---- | C] (Piriform Ltd) -- E:\Eigene Dateien\Desktop\ccsetup235.exe
[2010.09.07 13:38:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.09.07 13:38:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.07 13:38:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.07 13:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.07 13:36:29 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- E:\Eigene Dateien\Desktop\mbam-setup.exe
[2010.09.07 13:01:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Windows Server
[2010.09.07 13:01:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\49B403C00339D9F911D0257CF39FD721
[2010.09.06 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.09.03 23:40:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.09.03 23:40:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.09.03 23:40:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.09.03 23:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.09.03 23:36:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142040}
[2010.09.03 23:07:06 | 000,718,186 | ---- | C] (InstallShield Software Corporation) -- E:\Eigene Dateien\Desktop\javamp3-1_0.exe
[2010.09.03 20:31:13 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.09.02 12:55:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.09.02 12:55:46 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.09.02 12:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.09.02 12:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.09.02 12:51:02 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.09.02 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
[2010.08.30 21:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.08.30 21:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.08.30 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2010.08.25 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\The Creative Assembly
[2010.08.25 17:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Design Science
[2010.08.17 13:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Guild 2 - Renaissance
[2010.08.16 15:49:04 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.16 15:49:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.16 15:48:32 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.16 15:48:28 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.16 15:48:12 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.08.16 15:48:09 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.08.16 15:48:08 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.08.16 15:48:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.08.16 15:48:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.08.16 15:48:08 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.16 15:48:08 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.08.16 15:48:08 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.16 15:48:08 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.08.16 15:48:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.16 15:48:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.08.16 15:48:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.16 15:48:08 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.08.16 15:48:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.08.16 15:48:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.08.16 15:48:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.08.16 15:48:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.08.16 15:48:08 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.08.16 15:48:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.08.16 15:48:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.08.16 15:48:07 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.08.16 15:48:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.16 15:48:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.07 17:07:15 | 003,932,160 | -HS- | M] () -- C:\Users\****\ntuser.dat
[2010.09.07 16:06:10 | 000,339,991 | ---- | M] () -- E:\Eigene Dateien\Desktop\RSIT.exe
[2010.09.07 16:03:28 | 000,000,388 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160325.reg
[2010.09.07 16:02:57 | 000,010,612 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160254.reg
[2010.09.07 16:02:37 | 000,165,202 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160225.reg
[2010.09.07 15:51:29 | 000,000,669 | ---- | M] () -- E:\Eigene Dateien\Desktop\CCleaner.lnk
[2010.09.07 15:47:17 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 15:47:17 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 15:47:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.07 15:47:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.07 15:45:53 | 000,524,288 | -HS- | M] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000001.regtrans-ms
[2010.09.07 15:45:53 | 000,065,536 | -HS- | M] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TM.blf
[2010.09.07 15:45:52 | 003,813,845 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2010.09.07 14:13:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2010.09.07 14:12:15 | 003,427,248 | ---- | M] (Piriform Ltd) -- E:\Eigene Dateien\Desktop\ccsetup235.exe
[2010.09.07 13:47:34 | 000,363,520 | ---- | M] () -- E:\Eigene Dateien\Desktop\iExplore.exe
[2010.09.07 13:45:44 | 000,363,520 | ---- | M] () -- E:\Eigene Dateien\Desktop\rkill.com
[2010.09.07 13:38:05 | 000,000,643 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.07 13:36:40 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- E:\Eigene Dateien\Desktop\mbam-setup.exe
[2010.09.07 13:02:01 | 000,000,150 | ---- | M] () -- C:\Windows\SysWow64\3356018.BAT
[2010.09.07 13:01:36 | 000,007,488 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010.09.07 12:12:21 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C930AB4-14B1-4E60-A93F-1FEE84B26496}.job
[2010.09.06 16:54:55 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ****.job
[2010.09.05 15:19:11 | 000,001,629 | ---- | M] () -- E:\Eigene Dateien\Desktop\DivX Movies.lnk
[2010.09.05 15:19:06 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.09.04 21:11:00 | 000,000,905 | ---- | M] () -- E:\Eigene Dateien\Desktop\SteamLess Left4Dead2.lnk
[2010.09.04 14:28:50 | 000,009,466 | ---- | M] () -- C:\Windows\SysWow64\sound.mod
[2010.09.03 23:07:10 | 000,718,186 | ---- | M] (InstallShield Software Corporation) -- E:\Eigene Dateien\Desktop\javamp3-1_0.exe
[2010.09.02 16:05:12 | 000,040,960 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.02 12:56:14 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.02 12:53:42 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.31 20:58:26 | 001,711,142 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.31 20:58:26 | 000,715,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.31 20:58:26 | 000,683,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.31 20:58:26 | 000,158,740 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.31 20:58:26 | 000,136,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.30 21:47:13 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010.08.30 19:48:40 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.30 19:37:25 | 000,001,710 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.25 18:24:58 | 000,086,416 | ---- | M] () -- C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.25 18:23:33 | 000,346,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.21 17:15:50 | 000,524,288 | -HS- | M] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000002.regtrans-ms
[2010.08.21 00:12:56 | 000,524,288 | -HS- | M] () -- C:\Users\****\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TMContainer00000000000000000001.regtrans-ms
[2010.08.21 00:12:56 | 000,065,536 | -HS- | M] () -- C:\Users\****\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TM.blf
[2010.08.20 23:14:38 | 000,000,680 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2010.08.16 22:00:06 | 000,000,253 | ---- | M] () -- C:\Windows\win.ini
[2010.08.16 19:29:35 | 001,689,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.16 19:24:02 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2010.09.07 16:06:09 | 000,339,991 | ---- | C] () -- E:\Eigene Dateien\Desktop\RSIT.exe
[2010.09.07 16:03:26 | 000,000,388 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160325.reg
[2010.09.07 16:02:55 | 000,010,612 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160254.reg
[2010.09.07 16:02:28 | 000,165,202 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160225.reg
[2010.09.07 15:51:29 | 000,000,669 | ---- | C] () -- E:\Eigene Dateien\Desktop\CCleaner.lnk
[2010.09.07 13:47:33 | 000,363,520 | ---- | C] () -- E:\Eigene Dateien\Desktop\iExplore.exe
[2010.09.07 13:45:42 | 000,363,520 | ---- | C] () -- E:\Eigene Dateien\Desktop\rkill.com
[2010.09.07 13:38:05 | 000,000,643 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.07 13:02:01 | 000,000,150 | ---- | C] () -- C:\Windows\SysWow64\3356018.BAT
[2010.09.05 15:19:06 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.09.04 21:11:00 | 000,000,905 | ---- | C] () -- E:\Eigene Dateien\Desktop\SteamLess Left4Dead2.lnk
[2010.09.03 22:27:34 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\jmmpa.dll
[2010.09.03 22:27:34 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\jsound.dll
[2010.09.03 22:27:34 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\jmh261.dll
[2010.09.03 22:27:34 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\jmvh263.dll
[2010.09.03 22:27:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\jmjpeg.dll
[2010.09.03 22:27:34 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\jmh263enc.dll
[2010.09.03 22:27:34 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\jmg723.dll
[2010.09.03 22:27:34 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jmmpegv.dll
[2010.09.03 22:27:34 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\jmutil.dll
[2010.09.03 22:27:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\jmgsm.dll
[2010.09.03 22:27:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\jmam.dll
[2010.09.03 22:27:34 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmcvid.dll
[2010.09.03 22:27:34 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmacm.dll
[2010.09.03 22:27:34 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\jmvfw.dll
[2010.09.03 22:27:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\jmdaud.dll
[2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmvcm.dll
[2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmgdi.dll
[2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmddraw.dll
[2010.09.03 22:27:34 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmfjawt.dll
[2010.09.03 22:27:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmmci.dll
[2010.09.03 22:27:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmdaudc.dll
[2010.09.02 12:56:14 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.02 12:53:42 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.30 21:47:16 | 000,000,498 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for ****.job
[2010.08.30 21:47:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010.08.30 19:48:40 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.30 19:36:52 | 000,001,629 | ---- | C] () -- E:\Eigene Dateien\Desktop\DivX Movies.lnk
[2010.08.26 00:21:10 | 000,009,466 | ---- | C] () -- C:\Windows\SysWow64\sound.mod
[2010.08.21 14:48:08 | 000,524,288 | -HS- | C] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000002.regtrans-ms
[2010.08.21 14:48:08 | 000,524,288 | -HS- | C] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000001.regtrans-ms
[2010.08.21 14:48:08 | 000,065,536 | -HS- | C] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TM.blf
[2010.08.16 19:24:02 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2010.07.15 22:44:49 | 000,437,554 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistMSI4FC8.txt
[2010.07.15 22:44:49 | 000,011,662 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistUI4FC8.txt
[2010.07.05 23:38:57 | 000,028,150 | ---- | C] () -- C:\Users\****\AppData\Local\dd_depcheckdotnetfx30.txt
[2010.07.05 23:38:53 | 000,032,214 | ---- | C] () -- C:\Users\****\AppData\Local\dd_dotnetfx3install.txt
[2010.07.05 23:38:53 | 000,000,718 | ---- | C] () -- C:\Users\****\AppData\Local\dd_dotnetfx3error.txt
[2010.04.04 17:37:20 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.04.04 17:37:20 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.04.04 17:37:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.04.04 17:37:17 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.02.13 17:06:11 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\SSHDRV59.sys
[2010.01.13 17:21:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2009.12.26 16:46:54 | 000,000,317 | ---- | C] () -- C:\Windows\game.ini
[2009.12.04 17:38:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Nadeo.ini
[2009.11.10 22:02:41 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2009.10.25 23:26:32 | 000,185,720 | ---- | C] () -- C:\Users\****\AppData\Local\dd_SqlPubWiz.msi2ABC.txt
[2009.10.25 23:26:27 | 000,283,690 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WinSDK_RefInt_x64_MSI2AAC.txt
[2009.10.25 23:26:19 | 000,549,072 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI2A92.txt
[2009.10.25 23:26:11 | 000,440,254 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2A77.txt
[2009.10.25 23:25:49 | 005,358,706 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WinSDK_Build_x64_MSI2A30.txt
[2009.10.25 23:25:42 | 000,653,358 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WinSDK_Tools_x64_MSI2A19.txt
[2009.10.25 23:25:15 | 002,486,530 | ---- | C] () -- C:\Users\****\AppData\Local\dd_CrystalReports2007_x64_MSI29C1.txt
[2009.10.25 23:24:02 | 004,634,744 | ---- | C] () -- C:\Users\****\AppData\Local\dd_CrystalReports2007_MSI28D2.txt
[2009.10.25 23:23:54 | 001,222,898 | ---- | C] () -- C:\Users\****\AppData\Local\dd_RDBG_AMD64_MSI28B8.txt
[2009.10.25 23:23:25 | 001,711,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.25 23:21:14 | 000,289,768 | ---- | C] () -- C:\Users\****\AppData\Local\dd_64bitEmulator_MSI26AE.txt
[2009.10.25 23:20:53 | 005,144,150 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WMSP_5_0_MSI2669.txt
[2009.10.25 23:20:18 | 007,059,112 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WMPPC_5_0_MSI25F7.txt
[2009.10.25 23:20:12 | 000,730,446 | ---- | C] () -- C:\Users\****\AppData\Local\dd_SSCEDeviceRuntime_MSI25E3.txt
[2009.10.25 23:20:07 | 000,313,566 | ---- | C] () -- C:\Users\****\AppData\Local\dd_SQLCEToolsForVS2007_MSI25D3.txt
[2009.10.25 23:20:02 | 000,356,686 | ---- | C] () -- C:\Users\****\AppData\Local\dd_SSCERuntime_MSI25C2.txt
[2009.10.25 23:19:37 | 000,843,636 | ---- | C] () -- C:\Users\****\AppData\Local\dd_VSTOR_MSI2571.txt
[2009.10.25 23:19:24 | 001,046,252 | ---- | C] () -- C:\Users\****\AppData\Local\dd_NETCFSetupv35_MSI2546.txt
[2009.10.25 23:19:13 | 001,012,638 | ---- | C] () -- C:\Users\****\AppData\Local\dd_NETCFSetupv2_MSI2522.txt
[2009.10.25 23:10:47 | 050,904,718 | ---- | C] () -- C:\Users\****\AppData\Local\VSMsiLog1EAE.txt
[2009.10.25 23:08:30 | 002,862,508 | ---- | C] () -- C:\Users\****\AppData\Local\dd_Dexplorer90_retMSI1CEF.txt
[2009.10.25 23:08:24 | 000,358,650 | ---- | C] () -- C:\Users\****\AppData\Local\dd_PreReq_AMD64_MSI1CDB.txt
[2009.10.25 23:08:13 | 000,838,352 | ---- | C] () -- C:\Users\****\AppData\Local\dd_VC_MinRed_MSI1CB7.txt
[2009.10.25 23:07:13 | 000,317,613 | ---- | C] () -- C:\Users\****\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009.10.25 23:07:04 | 000,704,096 | ---- | C] () -- C:\Users\****\AppData\Local\dd_install_vs_procore_90.txt
[2009.10.25 23:07:04 | 000,011,384 | ---- | C] () -- C:\Users\****\AppData\Local\uxeventlog.txt
[2009.10.25 23:07:04 | 000,000,002 | ---- | C] () -- C:\Users\****\AppData\Local\dd_error_vs_procore_90.txt
[2009.10.20 20:46:36 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.10.20 20:45:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.05 21:34:16 | 000,000,678 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.19 23:20:47 | 000,023,888 | ---- | C] () -- C:\Users\****\AppData\Roaming\UserTile.png
[2009.06.29 18:54:06 | 000,040,960 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.26 13:54:05 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.06.26 13:53:33 | 000,030,539 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.06.26 13:51:55 | 000,000,732 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps64.dat
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dossec.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
< End of report >
         


07.09.2010, 16:57   #6
nero08
 

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.09.2010 17:05:45 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = E:\Eigene Dateien\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51,27 Gb Total Space | 8,50 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
Drive D: | 23,26 Gb Total Space | 21,14 Gb Free Space | 90,89% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 18,86 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
Drive F: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 335,35 Gb Total Space | 3,53 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
 
Computer Name: ATHLON-7850
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 8E DC E9 E8 17 56 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-848732423-1492607561-3796473004-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files (x86)\BitTorrent\bittorrent.exe" = D:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"D:\Program Files (x86)\BitTorrent\bittorrent.exe" = D:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05FC3006-31BD-4ED6-97E0-B2DC8EF8AFD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31A182DD-970E-49A7-9A45-FB9AE7B74E39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{36248B63-2602-4845-AB09-D41BBF5513F9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{37704E4C-3033-434E-95D1-4D8080DA3CC5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4A45DEE8-83D4-43BB-AD47-1DC2D27D2F29}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4AF208E9-0A69-4747-98E6-F5641ABF7C02}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64052A13-9DC8-4E6B-85E7-DD2D562C3703}" = lport=1234 | protocol=17 | dir=in | name=petroglyph | 
"{72A381DE-BAA0-4A07-93A9-C65480D2A080}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7404F8AB-80E3-4318-BEB0-8AD566ED6684}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8997BD94-F4EF-487C-A6E3-79FA57B11FEB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8D0089F9-54FC-4CD6-91C0-A9459630FAB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{90B286C3-9C0A-4634-BF14-292E5BEDCC50}" = rport=138 | protocol=17 | dir=out | app=system | 
"{94139D08-62A0-4B9D-8E2B-BFB0DD1BFF11}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A5C2FD0A-C5E6-4AE8-B21F-D5BD30EB8C2D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A81BF3C9-0E56-4A40-B7B4-501BFC48377A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C6743B6D-9450-40F6-8962-655F96611E19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C9717468-D32E-4D4D-B054-F7115AB262A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F41E8A2F-4CBB-455B-A77E-0AD1BFF754E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F821F713-6625-4D3E-AB1E-92368820C20F}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A4CC85C-42C3-41C8-9AE2-FDED26FFB5D9}" = protocol=6 | dir=in | app=e:\program files (x86)\cyanide\pro cycling manager - season 2010\autorun\exe\autorun.exe | 
"{0FA1EA28-EEF9-4E0D-B820-019A26D89820}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe | 
"{18840098-2D14-446B-A23D-C3F19F6ADAB1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{292E3EF4-C26A-417F-99C9-02E6B2A3087B}" = protocol=6 | dir=in | app=d:\program files (x86)\bittorrent\bittorrent.exe | 
"{2FECC7A5-B37E-48E6-9E47-A0BBDA4BE1A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{35AAC081-57CF-4C82-8E03-448BFB3D2DA1}" = protocol=6 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{3F0E1289-D65C-4884-BC6F-0234F1F291E9}" = protocol=6 | dir=in | app=e:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{402E6125-4103-4F75-8907-D2A2BE4E7F54}" = protocol=17 | dir=in | app=e:\program files (x86)\cyanide\pro cycling manager - season 2010\autorun\exe\autorun.exe | 
"{444E682D-535F-4791-AACA-BA9BCBAF0963}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{45083FDA-F008-4680-8E37-ACF6917BA8BA}" = protocol=6 | dir=in | app=e:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{50CBFAF3-972C-4550-A4E0-1C234CEF1AD8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{55ADD3C0-5DE0-4B2C-8A58-207A06B1B119}" = protocol=17 | dir=in | app=e:\games\company of heroes\relicdownloader\relicdownloader.exe | 
"{5A018111-DF52-4EEA-B765-C8DAF70EDC99}" = protocol=17 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{657BF08F-CE36-4A8F-8BAC-8DAA7618E92A}" = protocol=17 | dir=in | app=e:\program files (x86)\cyanide\pro cycling manager - season 2010\pcm.exe | 
"{657E84EC-7F9B-4602-9A00-7292347177E2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{79FACD4D-1592-49A1-B5CF-3F65D5C7656B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7B903DE0-9A04-448F-86F6-336FB19E0A9C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{81913966-8B2C-46F9-866D-3F2661F6B8EC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8E9860E3-1E80-494F-9D04-9BBF14BA7401}" = protocol=6 | dir=in | app=e:\games\company of heroes\reliccoh.exe | 
"{90216396-F907-4791-B933-B0271F85E3E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{9C4C6E76-3C31-4F22-B806-C365D5C0D23F}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe | 
"{A268A10B-F75C-4D27-AB70-876F89E9A7F6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A4950AAE-802B-4397-B3DF-7D2EF1277109}" = protocol=17 | dir=in | app=e:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{AA8707F7-6433-4BDC-B252-CBAF32A00B2C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AC1B719B-ADAB-4314-A2E3-926BBD2E766A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AEED6B8B-E690-44DD-88ED-9DB8C93A898B}" = protocol=17 | dir=in | app=e:\program files (x86)\cyanide\gamecenter\gamecenter.exe | 
"{B53BD742-9907-4A17-87E0-A6E9DBDF005C}" = protocol=17 | dir=in | app=d:\program files (x86)\bittorrent\bittorrent.exe | 
"{B72972BF-230C-4355-990E-E957BC2C6CC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B852876E-F7C3-4A58-BA7D-1BC5557C4E53}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C010ED65-8076-4F35-B02E-F6EDD92B66F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D4594CCA-1052-4E0F-B372-D9D1C3CA6526}" = protocol=6 | dir=in | app=e:\program files (x86)\cyanide\gamecenter\gamecenter.exe | 
"{DBF6ED67-0B0C-4DB8-8384-E8E7A8EF6B2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DD657584-CF54-4D2C-80A6-ACF7E5B25885}" = protocol=17 | dir=in | app=e:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{E6D256C3-A8BB-48D8-9435-435CD8C2A9E4}" = protocol=6 | dir=in | app=e:\games\company of heroes\relicdownloader\relicdownloader.exe | 
"{ECDAD317-27B5-4D9C-8DD2-48863CDCF466}" = protocol=17 | dir=in | app=e:\games\company of heroes\reliccoh.exe | 
"{F5292442-8558-44FF-B6C8-13F2143CB548}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FC570D61-AEAC-4624-9948-4F3D0B0F372B}" = protocol=6 | dir=in | app=e:\program files (x86)\cyanide\pro cycling manager - season 2010\pcm.exe | 
"{FCE18654-9BD5-438E-82DC-339E55416C25}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"TCP Query User{0134B6AE-AB5E-4B51-BB98-923BE61EDEC7}E:\westwood\renegade\game.exe" = protocol=6 | dir=in | app=e:\westwood\renegade\game.exe | 
"TCP Query User{0492DBA2-F3DC-4F45-84EF-99C86B0E16DB}E:\games\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=e:\games\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{0B137A20-ECB4-48EE-8F36-0946CF192BB3}E:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe" = protocol=6 | dir=in | app=e:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe | 
"TCP Query User{12D04790-CC76-4460-A071-9A15D2ABEF55}E:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{1C1B525C-4C79-4F88-813E-E1EB8D62377C}E:\program files (x86)\the guild 2 - renaissance\guildii.exe" = protocol=6 | dir=in | app=e:\program files (x86)\the guild 2 - renaissance\guildii.exe | 
"TCP Query User{23EA80D5-6487-4947-B8CA-A6A3FCEEFC80}E:\lan\counter-strike 1.6\cstrike.exe" = protocol=6 | dir=in | app=e:\lan\counter-strike 1.6\cstrike.exe | 
"TCP Query User{26AFEECD-331D-4D43-9F44-B4815456929E}E:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=e:\program files (x86)\ea sports\fifa 09\fifa09.exe | 
"TCP Query User{30A6B053-FDA8-44E0-A8F2-29B923AFE7FC}E:\games\cyanide\radsport manager pro 2006\pcm.exe" = protocol=6 | dir=in | app=e:\games\cyanide\radsport manager pro 2006\pcm.exe | 
"TCP Query User{323E95C2-6473-466E-808B-75E20EB0BAD4}E:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=e:\program files (x86)\ea sports\fussball manager 10\manager10.exe | 
"TCP Query User{37D95BD6-CE3C-4097-8129-A89A6213D607}D:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{38021462-1914-4A0F-BA05-714B83048153}E:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=e:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{3C819699-28CE-49C4-96EA-D1C0C30FDA05}E:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{401B1EA9-8805-4485-83D1-2296FA7A1BCD}D:\program files (x86)\rtw - multicampaign\cbserv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\rtw - multicampaign\cbserv.exe | 
"TCP Query User{58F3BBD4-6073-494A-B4E4-8DDA64698976}D:\program files (x86)\rtw - multicampaign\cbclient.exe" = protocol=6 | dir=in | app=d:\program files (x86)\rtw - multicampaign\cbclient.exe | 
"TCP Query User{6FEABBD5-9215-4E9E-B6BE-13D4FE4D23F1}E:\games\cc zero\game.dat" = protocol=6 | dir=in | app=e:\games\cc zero\game.dat | 
"TCP Query User{7172E1D4-3F50-4BB9-A374-74A4E99BC847}E:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{7F6A5018-1D57-4B22-97F2-663E2C4A247A}E:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=e:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe | 
"TCP Query User{81417E28-621E-4E37-9B96-59470131EBA5}E:\games\lucasarts\star wars empire at war\gamedata\sweaw.exe" = protocol=6 | dir=in | app=e:\games\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"TCP Query User{8800CAF6-207D-4C09-BE27-55F0003A7A1D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{901D215F-5A31-4383-AA0A-EBC48F2568CA}D:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{94BA4BD4-BD8D-490F-9DAC-6CD865970F40}D:\xampp\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=d:\xampp\xampp\mercurymail\mercury.exe | 
"TCP Query User{AB23C88F-C28B-44BB-805A-EED5D69E5174}D:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{AEA82897-D0FF-4B9A-9963-8AB8FA041FA9}E:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe" = protocol=6 | dir=in | app=e:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe | 
"TCP Query User{B99F38B5-AD50-4F80-863D-45FAA8CD7679}D:\xampp\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=d:\xampp\xampp\filezillaftp\filezilla server.exe | 
"TCP Query User{BF98E78E-2C80-4355-B118-D26F0FB483BB}D:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{C84A6059-0EAC-42DD-A2A2-3EB81AFE30C9}E:\games\fifa10\fifa10.exe" = protocol=6 | dir=in | app=e:\games\fifa10\fifa10.exe | 
"TCP Query User{C85B32E7-C018-4D87-BB21-DF066167C7C1}D:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\xampp\apache\bin\httpd.exe | 
"TCP Query User{CB81E7AF-BB24-4B5B-8CCE-044DE3A6A5D1}E:\games\cc zero\game.dat" = protocol=6 | dir=in | app=e:\games\cc zero\game.dat | 
"TCP Query User{D4AAD6EE-1B0F-4376-AA8C-77E98CBAEB57}E:\program files (x86)\ea games\battlefield vietnam\bfvietnam_w32ded.exe" = protocol=6 | dir=in | app=e:\program files (x86)\ea games\battlefield vietnam\bfvietnam_w32ded.exe | 
"TCP Query User{D783CA39-BB45-458C-9466-B56232A77AEE}E:\programme\activision\rome - total war\rometw.exe" = protocol=6 | dir=in | app=e:\programme\activision\rome - total war\rometw.exe | 
"TCP Query User{E2FBA748-C69C-4652-85CE-72BA759E1598}E:\lan\counter-strike 1.6\cstrike.exe" = protocol=6 | dir=in | app=e:\lan\counter-strike 1.6\cstrike.exe | 
"TCP Query User{E53BD1F4-6806-4285-A31C-6456A5CE10C6}E:\lan\counter-strike 1.6\hlds.exe" = protocol=6 | dir=in | app=e:\lan\counter-strike 1.6\hlds.exe | 
"TCP Query User{E7DB19AE-CD96-4DFF-B05B-222452E0268E}E:\program files (x86)\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steamless left4dead2 pack\left4dead2.exe | 
"TCP Query User{EA104E5E-7433-4FD8-B6E2-A38E21796FEC}E:\games\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=e:\games\company of heroes\reliccoh.exe | 
"TCP Query User{EB9F0A64-9B42-4089-B679-6E8458B227CF}E:\games\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=e:\games\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{EBEF04F7-A492-46F4-A547-70757FEFE1A3}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"TCP Query User{EDC9E447-0430-4F5E-853E-6774C0EAEF58}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{EE4F0846-8EE1-4E7A-B57F-1B6041303420}C:\users\****\appdata\local\temp\ffb92f6be0ce4855894768dbd45a8ef7\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\local\temp\ffb92f6be0ce4855894768dbd45a8ef7\relicdownloader.exe | 
"TCP Query User{F70CBFF6-3AB7-4CA9-9179-27D6BE448482}D:\program files (x86)\packet tracer 5.1\bin\packettracer5.exe" = protocol=6 | dir=in | app=d:\program files (x86)\packet tracer 5.1\bin\packettracer5.exe | 
"TCP Query User{FB2C5B0E-507C-42E7-BEB5-CD38F43BF175}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{0C3AD1C5-4379-496E-A539-57C69C9BF6B1}E:\games\cc zero\game.dat" = protocol=17 | dir=in | app=e:\games\cc zero\game.dat | 
"UDP Query User{0CEA0BC2-25B6-4702-86F1-26D6F64FBD62}E:\westwood\renegade\game.exe" = protocol=17 | dir=in | app=e:\westwood\renegade\game.exe | 
"UDP Query User{15106A15-1CAF-4C18-9034-9B6D2880B906}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{17F1269E-DB25-427D-B0FB-8B4E24DF58F1}E:\games\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=e:\games\company of heroes\reliccoh.exe | 
"UDP Query User{1E1BCF21-F4F1-450F-8797-24AE1000CAB3}E:\games\lucasarts\star wars empire at war\gamedata\sweaw.exe" = protocol=17 | dir=in | app=e:\games\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"UDP Query User{1E6C649D-0D9D-451C-8799-4022E13135B4}E:\games\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=e:\games\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{227590D9-16A6-4250-BE4B-F5C3D323181D}D:\program files (x86)\rtw - multicampaign\cbserv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\rtw - multicampaign\cbserv.exe | 
"UDP Query User{24A7284F-2DA9-4638-B014-04F52B3314C8}E:\program files (x86)\ea games\battlefield vietnam\bfvietnam_w32ded.exe" = protocol=17 | dir=in | app=e:\program files (x86)\ea games\battlefield vietnam\bfvietnam_w32ded.exe | 
"UDP Query User{2B140E3C-245E-4236-98E1-B2B6457B7130}E:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=e:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{2FEC4B15-BA64-456B-A45A-8A291CBA4005}D:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\xampp\apache\bin\httpd.exe | 
"UDP Query User{36529E83-8141-4F14-AB90-083E9471FEFF}E:\lan\counter-strike 1.6\cstrike.exe" = protocol=17 | dir=in | app=e:\lan\counter-strike 1.6\cstrike.exe | 
"UDP Query User{373E17FC-666A-4467-8573-4ADAE91D9955}E:\lan\counter-strike 1.6\cstrike.exe" = protocol=17 | dir=in | app=e:\lan\counter-strike 1.6\cstrike.exe | 
"UDP Query User{37949095-9374-4A7E-863A-D6FDF2312F31}E:\program files (x86)\the guild 2 - renaissance\guildii.exe" = protocol=17 | dir=in | app=e:\program files (x86)\the guild 2 - renaissance\guildii.exe | 
"UDP Query User{42620FF3-FEEB-48C2-A62B-4BEF7ECFB0F5}E:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=e:\program files (x86)\ea sports\fifa 09\fifa09.exe | 
"UDP Query User{4C73680B-B254-415F-8A8A-398ABDE910E9}E:\lan\counter-strike 1.6\hlds.exe" = protocol=17 | dir=in | app=e:\lan\counter-strike 1.6\hlds.exe | 
"UDP Query User{598BA399-B3F3-4365-A1A9-D2C3C9213F91}E:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{65BC17F1-0509-4289-BBFC-4709AC44CCFA}D:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{6A57434F-136A-4569-A5CD-998485C9F144}E:\games\cc zero\game.dat" = protocol=17 | dir=in | app=e:\games\cc zero\game.dat | 
"UDP Query User{7EAB9E4C-DD67-4F0E-8115-61372E490B9D}D:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{806ED18D-FA7F-4C74-B0EE-4D2BEB191B34}D:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{85D08002-B773-43A1-8C2F-0AA9BE054D73}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{8D7821B2-355F-4477-AB46-B74E39479A5F}E:\programme\activision\rome - total war\rometw.exe" = protocol=17 | dir=in | app=e:\programme\activision\rome - total war\rometw.exe | 
"UDP Query User{8F9A5BC5-7BC0-4905-AE33-DD2797822B6C}E:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe" = protocol=17 | dir=in | app=e:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe | 
"UDP Query User{90AD333B-7ACA-4277-B63E-7F46C9C522E6}D:\xampp\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=d:\xampp\xampp\filezillaftp\filezilla server.exe | 
"UDP Query User{9216F7BA-E209-4F7E-86CC-0CF512C32EB6}D:\program files (x86)\rtw - multicampaign\cbclient.exe" = protocol=17 | dir=in | app=d:\program files (x86)\rtw - multicampaign\cbclient.exe | 
"UDP Query User{94632E2D-2661-44F3-8D38-2E7142456D3D}E:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=e:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{9D3F2B28-3425-4FA7-A596-71A8459E0F94}E:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=e:\program files (x86)\ea sports\fussball manager 10\manager10.exe | 
"UDP Query User{A654E2C4-A074-4397-B38B-25D970E976E7}D:\xampp\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=d:\xampp\xampp\mercurymail\mercury.exe | 
"UDP Query User{B0D5E8F5-B72D-4FD3-847D-F2B2A4372177}E:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe" = protocol=17 | dir=in | app=e:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe | 
"UDP Query User{BFBC236E-4A59-4CF4-ACBE-34FA6FDA3B5A}E:\games\cyanide\radsport manager pro 2006\pcm.exe" = protocol=17 | dir=in | app=e:\games\cyanide\radsport manager pro 2006\pcm.exe | 
"UDP Query User{C1FBCE68-8BD0-4E87-BBDE-90AE7B7064A4}E:\games\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=e:\games\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{CAB14B0C-B929-4249-A860-800A4C6DC2E4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{D3EEF7B3-9F02-4546-A63D-8783749EC8DA}D:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{E23A0AAD-980C-4DE2-A166-F8B9D5A8C97B}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"UDP Query User{E41AC13F-B164-4811-A2E4-1287C80CBBE5}C:\users\****\appdata\local\temp\ffb92f6be0ce4855894768dbd45a8ef7\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\local\temp\ffb92f6be0ce4855894768dbd45a8ef7\relicdownloader.exe | 
"UDP Query User{E5097750-F502-4AD8-8F12-8B83E2054067}E:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{F3B7C79A-C580-4038-89EC-7BE46D3EF20D}E:\games\fifa10\fifa10.exe" = protocol=17 | dir=in | app=e:\games\fifa10\fifa10.exe | 
"UDP Query User{F40A2184-CEAC-45D8-B62E-8BA2055466D6}E:\program files (x86)\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steamless left4dead2 pack\left4dead2.exe | 
"UDP Query User{F439CEC5-8817-46DD-81C7-75D39630A3C8}E:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{FBBC090B-3432-4FB0-AAD3-ACEFD588DAE7}D:\program files (x86)\packet tracer 5.1\bin\packettracer5.exe" = protocol=17 | dir=in | app=d:\program files (x86)\packet tracer 5.1\bin\packettracer5.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{A6034EB0-BEC6-4FC5-9B18-1DA8441CA9D9}" = Microsoft SQL Server Management Studio Express
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BAE72B35-821F-6780-18C5-BE4EBDF8DC7A}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F7561C47-6327-E6A5-3B57-756FA920CEF3}" = ccc-utility64
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{259BDEFB-DCE0-990E-6C65-EA6DCAF1C604}" = Catalyst Control Center HydraVision Full
"{262296A3-87A4-4614-CBF1-E04455694390}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{4411E4C3-C60F-B094-0E1F-C6E73311A9EA}" = Catalyst Control Center InstallProxy
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5E7AFD67-97C1-E310-CDC4-9F1547E1677C}" = Catalyst Control Center Graphics Previews Vista
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v4.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{827B97A9-B347-4110-9F89-37AF2B758F94}" = NHL™ 09
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A92C93-C5F2-128A-532A-B7C295450476}" = Catalyst Control Center Graphics Full Existing
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA950F9-4CC6-35FC-BB9A-761298DE9ADC}" = Catalyst Control Center Graphics Full New
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B4B3428-7640-400E-9B96-22243568E296}" = Catalyst Control Center Graphics Previews Common
"{A111CF27-5082-6499-17D3-7FDA158206EF}" = ccc-core-static
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D5C36070-143F-489D-FB5A-903940D42325}" = Catalyst Control Center Core Implementation
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E77C580F-E2C8-23C7-350E-F3317D1C4A8A}" = CCC Help English
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{THEGUILDREN-0010-2010-300520102330}_is1" = The Guild 2 - Renaissance
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Company of Heroes" = Company of Heroes
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Die Gilde - Gaukler, Gruften und Geschütze" = Die Gilde - Gaukler, Gruften und Geschütze
"Die Gilde 2 - Die Seeräuber der Hanse" = Die Gilde 2 - Die Seeräuber der Hanse
"Die Gilde Addon Update v. 2.06 " = Die Gilde Addon Update v. 2.06 
"Die Gilde Update v1.04a" = Die Gilde Update v1.04a
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"FileZilla Client" = FileZilla Client 3.2.7.1
"Freelancer 1.0" = Freelancer
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GameCenter_is1" = GameCenter 1.3.0.5
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Java Media Framework 2.1.1a" = Java Media Framework 2.1.1a
"Java MP3 PlugIn" = Java MP3 PlugIn
"LyX" = LyX 1.6.4-1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NSS" = Norton Security Scan
"Packet Tracer 5.1_is1" = Packet Tracer 5.1
"Pro Cycling Manager 2010_is1" = Tour de France 2010 - Der offizielle Radsport-Manager Version 1
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"TeleTeachingTool" = TeleTeachingTool
"The Guild 2 - Renaissance_is1" = The Guild 2 - Renaissance
"TheGuild2" = Die Gilde 2
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"VISPROR" = Microsoft Office Visio Professional 2007
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FM10 Stadien Österreich" = FM10 Stadien Österreich
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Regards

07.09.2010, 19:03   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:
:OTL
MOD - C:\Users\****\AppData\Local\Temp\msllhsjn.dll ()
DRV:64bit: - (SSHDRV59) -- C:\Windows\SysNative\drivers\SSHDRV59.sys File not found
DRV - (SSHDRV59) -- C:\Windows\SysWOW64\drivers\SSHDRV59.sys ()
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1351351&SearchSource=13"
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [nxasocewrm.exe] C:\Users\****\AppData\Local\Temp\nxasocewrm.exe ()
O4 - HKCU..\Run: [byivqr] C:\Users\****\AppData\Local\Temp\msllhsjn.DLL ()
O32 - AutoRun File - [2008.01.21 22:00:00 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\Shell\AutoRun\command - "" = H:\
O33 - MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\Shell - "" = AutoRun
O33 - MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\Shell - "" = AutoRun
O33 - MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\Shell\AutoRun\command - "" = H:\Launcher.exe -- File not found
O33 - MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\Shell - "" = AutoRun
O33 - MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\Shell\AutoRun\command - "" = G:\Installer.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
[2010.09.07 13:01:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Windows Server
[2010.09.07 13:01:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\49B403C00339D9F911D0257CF39FD721
:Files
C:\Users\****\AppData\Local\Temp\msllhsjn.dll
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 07.09.2010, 19:32   #8
nero08
 

Here is the output:

Code:
All processes killed
========== OTL ==========
Service SSHDRV59 stopped successfully!
Service SSHDRV59 deleted successfully!
File  C:\Windows\SysNative\drivers\SSHDRV59.sys File not found not found.
Error: No service named SSHDRV59 was found to stop!
Service\Driver key SSHDRV59 not found.
C:\Windows\SysWOW64\drivers\SSHDRV59.sys moved successfully.
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nxasocewrm.exe deleted successfully.
C:\Users\Hubsi\AppData\Local\Temp\nxasocewrm.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\byivqr deleted successfully.
File move failed. C:\Users\Hubsi\AppData\Local\Temp\msllhsjn.dll scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231d01ce-6e17-11de-af5e-00248c40c75f}\ not found.
File H:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231d01ce-6e17-11de-af5e-00248c40c75f}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e53f36b-6278-11de-864b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e53f36b-6278-11de-864b-806e6f6e6963}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a11e93e-a94d-11df-9142-f92f51994443}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a11e93e-a94d-11df-9142-f92f51994443}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97882528-8838-11df-a800-b819468a5c58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97882528-8838-11df-a800-b819468a5c58}\ not found.
File H:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d4d077-6252-11de-8006-00248c40c75f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d4d077-6252-11de-8006-00248c40c75f}\ not found.
File G:\Installer.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\Hubsi\AppData\Local\Windows Server folder moved successfully.
C:\Users\Hubsi\AppData\Roaming\49B403C00339D9F911D0257CF39FD721 folder moved successfully.
========== FILES ==========
File move failed. C:\Users\Hubsi\AppData\Local\Temp\msllhsjn.dll scheduled to be moved on reboot.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hubsi
->Temp folder emptied: 1041352 bytes
->Temporary Internet Files folder emptied: 62792818 bytes
->Java cache emptied: 95560376 bytes
->FireFox cache emptied: 45586162 bytes
->Google Chrome cache emptied: 8252187 bytes
->Flash cache emptied: 7484 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 203,00 mb
 
 
OTL by OldTimer - Version 3.2.11.0 log created on 09072010_202537

Files\Folders moved on Reboot...
C:\Users\Hubsi\AppData\Local\Temp\msllhsjn.dll moved successfully.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Alt 07.09.2010, 19:37   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the contents into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

Alt 07.09.2010, 19:49   #10
nero08
 

Unfortunately only the OTL.txt file came out of it; here it is:

Code:
OTL logfile created on: 07.09.2010 20:40:22 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = E:\Eigene Dateien\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 80,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51,27 Gb Total Space | 6,46 Gb Free Space | 12,60% Space Free | Partition Type: NTFS
Drive D: | 23,26 Gb Total Space | 21,14 Gb Free Space | 90,89% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 18,86 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
Drive F: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ATHLON-7850
Current User Name: Hubsi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe ()
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
PRC - D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe (Protection Technology)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MSSQLSERVER) SQL Server (MSSQLSERVER) -- D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (appdrv01) Application Driver (01) -- C:\Windows\SysNative\Drivers\appdrv01.sys (Protection Technology)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\SysNative\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (WG111T) -- C:\Windows\SysNative\DRIVERS\WG111Tvx.sys (Atheros Communications, Inc.)
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.laola1.at/hxxp://www.google.at/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010.09.02 12:54:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.02 12:54:09 | 000,000,000 | ---D | M]
 
[2009.10.05 21:40:35 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Extensions
[2009.06.30 23:17:02 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\extensions
[2009.06.30 23:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.09.07 17:28:07 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions
[2010.08.06 19:16:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.30 19:17:03 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.08.06 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\DTToolbar@toolbarnet.com
[2009.10.06 17:03:36 | 000,000,894 | ---- | M] () -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\searchplugins\conduit.xml
[2009.12.06 14:38:59 | 000,002,055 | ---- | M] () -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\searchplugins\daemon-search.xml
 
O1 HOSTS File: ([2010.09.07 20:26:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ai Nap] D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [QFan Help] D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-416053540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18:64bit: - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.21 22:00:00 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.07 16:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.09.07 16:07:13 | 000,000,000 | ---D | C] -- C:\rsit
[2010.09.07 14:13:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2010.09.07 14:12:05 | 003,427,248 | ---- | C] (Piriform Ltd) -- E:\Eigene Dateien\Desktop\ccsetup235.exe
[2010.09.07 13:38:10 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\Malwarebytes
[2010.09.07 13:38:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.07 13:38:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.07 13:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.07 13:36:29 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- E:\Eigene Dateien\Desktop\mbam-setup.exe
[2010.09.06 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.09.03 23:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.09.03 23:36:22 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142040}
[2010.09.02 12:55:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.09.02 12:55:46 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.09.02 12:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.09.02 12:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.09.02 12:51:02 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.09.02 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
[2010.08.30 21:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.08.30 21:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.08.30 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2010.08.25 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\The Creative Assembly
[2010.08.25 17:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Design Science
[2010.08.17 13:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Guild 2 - Renaissance
[2010.08.06 19:24:16 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.08.06 19:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010.08.06 19:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.08.03 20:02:29 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\German Truck Simulator
[2010.07.20 18:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.07.19 19:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2010.07.06 16:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010.07.06 16:53:51 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\Dev-Cpp
[2010.07.05 23:55:43 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Games for Windows - LIVE Demos
[2010.07.05 23:52:09 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Local\Fallout3
[2010.07.05 17:10:00 | 003,854,000 | ---- | C] (Protection Technology) -- C:\Windows\SysNative\drivers\appdrv01.sys
[2010.07.05 17:09:59 | 000,551,896 | ---- | C] (Protection Technology) -- C:\Windows\SysNative\appdrvrem01.exe
[2010.07.05 15:29:42 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Pro Cycling Manager 2010
[2010.07.05 15:29:42 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\Pro Cycling Manager 2010
[2010.07.05 13:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyanide
[2010.07.05 11:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hannes Converter
[2010.07.04 20:08:44 | 000,000,000 | ---D | C] -- C:\Windows\NKCCDViewerSetting
[2010.06.22 21:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.06.12 21:15:28 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\skypePM
[2010.06.12 21:13:17 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\Skype
[2010.06.12 21:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.06.12 21:12:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.06.12 21:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.07 20:40:22 | 003,932,160 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat
[2010.09.07 20:28:12 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 20:28:12 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 20:28:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.07 20:28:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.07 20:27:00 | 000,524,288 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000001.regtrans-ms
[2010.09.07 20:27:00 | 000,065,536 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TM.blf
[2010.09.07 20:26:57 | 003,849,807 | -H-- | M] () -- C:\Users\Hubsi\AppData\Local\IconCache.db
[2010.09.07 18:36:11 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C930AB4-14B1-4E60-A93F-1FEE84B26496}.job
[2010.09.07 17:34:28 | 000,182,272 | ---- | M] () -- E:\Eigene Dateien\Desktop\Danke für deine Hilfe.doc
[2010.09.07 16:06:10 | 000,339,991 | ---- | M] () -- E:\Eigene Dateien\Desktop\RSIT.exe
[2010.09.07 16:03:28 | 000,000,388 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160325.reg
[2010.09.07 16:02:57 | 000,010,612 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160254.reg
[2010.09.07 16:02:37 | 000,165,202 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160225.reg
[2010.09.07 15:51:29 | 000,000,669 | ---- | M] () -- E:\Eigene Dateien\Desktop\CCleaner.lnk
[2010.09.07 14:13:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2010.09.07 14:12:15 | 003,427,248 | ---- | M] (Piriform Ltd) -- E:\Eigene Dateien\Desktop\ccsetup235.exe
[2010.09.07 13:47:34 | 000,363,520 | ---- | M] () -- E:\Eigene Dateien\Desktop\iExplore.exe
[2010.09.07 13:45:44 | 000,363,520 | ---- | M] () -- E:\Eigene Dateien\Desktop\rkill.com
[2010.09.07 13:38:05 | 000,000,643 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.07 13:36:40 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- E:\Eigene Dateien\Desktop\mbam-setup.exe
[2010.09.07 13:02:01 | 000,000,150 | ---- | M] () -- C:\Windows\SysWow64\3356018.BAT
[2010.09.07 13:01:36 | 000,007,488 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010.09.06 16:54:55 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Hubsi.job
[2010.09.05 15:19:11 | 000,001,629 | ---- | M] () -- E:\Eigene Dateien\Desktop\DivX Movies.lnk
[2010.09.05 15:19:06 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.09.04 21:11:00 | 000,000,905 | ---- | M] () -- E:\Eigene Dateien\Desktop\SteamLess Left4Dead2.lnk
[2010.09.04 14:28:50 | 000,009,466 | ---- | M] () -- C:\Windows\SysWow64\sound.mod
[2010.09.02 16:05:12 | 000,040,960 | ---- | M] () -- C:\Users\Hubsi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.02 12:56:14 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.02 12:53:42 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.31 20:58:26 | 001,711,142 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.31 20:58:26 | 000,715,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.31 20:58:26 | 000,683,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.31 20:58:26 | 000,158,740 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.31 20:58:26 | 000,136,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.30 21:47:13 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010.08.30 19:48:40 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.30 19:37:25 | 000,001,710 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.25 18:24:58 | 000,086,416 | ---- | M] () -- C:\Users\Hubsi\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.25 18:23:33 | 000,346,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.21 17:15:50 | 000,524,288 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000002.regtrans-ms
[2010.08.21 00:12:56 | 000,524,288 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TMContainer00000000000000000001.regtrans-ms
[2010.08.21 00:12:56 | 000,065,536 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TM.blf
[2010.08.20 23:14:38 | 000,000,680 | ---- | M] () -- C:\Users\Hubsi\AppData\Local\d3d9caps.dat
[2010.08.16 22:00:06 | 000,000,253 | ---- | M] () -- C:\Windows\win.ini
[2010.08.16 19:29:35 | 001,689,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.16 19:24:02 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2010.07.07 21:30:08 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.07.05 17:10:00 | 003,854,000 | ---- | M] (Protection Technology) -- C:\Windows\SysNative\drivers\appdrv01.sys
[2010.07.05 17:09:59 | 000,551,896 | ---- | M] (Protection Technology) -- C:\Windows\SysNative\appdrvrem01.exe
[2010.07.05 15:22:36 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.06.24 22:53:56 | 000,524,288 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TMContainer00000000000000000002.regtrans-ms
[2010.06.23 23:12:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{1c9b76a1-e0c9-11de-8148-880cc9d72d66}.TMContainer00000000000000000001.regtrans-ms
[2010.06.23 23:12:32 | 000,065,536 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{1c9b76a1-e0c9-11de-8148-880cc9d72d66}.TM.blf
[2010.06.12 21:15:29 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
 
========== Files Created - No Company Name ==========
 
[2010.09.07 17:34:24 | 000,182,272 | ---- | C] () -- E:\Eigene Dateien\Desktop\Danke für deine Hilfe.doc
[2010.09.07 16:06:09 | 000,339,991 | ---- | C] () -- E:\Eigene Dateien\Desktop\RSIT.exe
[2010.09.07 16:03:26 | 000,000,388 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160325.reg
[2010.09.07 16:02:55 | 000,010,612 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160254.reg
[2010.09.07 16:02:28 | 000,165,202 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160225.reg
[2010.09.07 15:51:29 | 000,000,669 | ---- | C] () -- E:\Eigene Dateien\Desktop\CCleaner.lnk
[2010.09.07 13:47:33 | 000,363,520 | ---- | C] () -- E:\Eigene Dateien\Desktop\iExplore.exe
[2010.09.07 13:45:42 | 000,363,520 | ---- | C] () -- E:\Eigene Dateien\Desktop\rkill.com
[2010.09.07 13:38:05 | 000,000,643 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.07 13:02:01 | 000,000,150 | ---- | C] () -- C:\Windows\SysWow64\3356018.BAT
[2010.09.05 15:19:06 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.09.04 21:11:00 | 000,000,905 | ---- | C] () -- E:\Eigene Dateien\Desktop\SteamLess Left4Dead2.lnk
[2010.09.03 22:27:34 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\jmmpa.dll
[2010.09.03 22:27:34 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\jsound.dll
[2010.09.03 22:27:34 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\jmh261.dll
[2010.09.03 22:27:34 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\jmvh263.dll
[2010.09.03 22:27:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\jmjpeg.dll
[2010.09.03 22:27:34 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\jmh263enc.dll
[2010.09.03 22:27:34 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\jmg723.dll
[2010.09.03 22:27:34 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jmmpegv.dll
[2010.09.03 22:27:34 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\jmutil.dll
[2010.09.03 22:27:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\jmgsm.dll
[2010.09.03 22:27:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\jmam.dll
[2010.09.03 22:27:34 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmcvid.dll
[2010.09.03 22:27:34 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmacm.dll
[2010.09.03 22:27:34 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\jmvfw.dll
[2010.09.03 22:27:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\jmdaud.dll
[2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmvcm.dll
[2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmgdi.dll
[2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmddraw.dll
[2010.09.03 22:27:34 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmfjawt.dll
[2010.09.03 22:27:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmmci.dll
[2010.09.03 22:27:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmdaudc.dll
[2010.09.02 12:56:14 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.02 12:53:42 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.30 21:47:16 | 000,000,498 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Hubsi.job
[2010.08.30 21:47:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010.08.30 19:48:40 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.30 19:36:52 | 000,001,629 | ---- | C] () -- E:\Eigene Dateien\Desktop\DivX Movies.lnk
[2010.08.26 00:21:10 | 000,009,466 | ---- | C] () -- C:\Windows\SysWow64\sound.mod
[2010.08.21 14:48:08 | 000,524,288 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000002.regtrans-ms
[2010.08.21 14:48:08 | 000,524,288 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000001.regtrans-ms
[2010.08.21 14:48:08 | 000,065,536 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TM.blf
[2010.08.16 19:24:02 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2010.07.15 22:44:49 | 000,437,554 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_vcredistMSI4FC8.txt
[2010.07.15 22:44:49 | 000,011,662 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_vcredistUI4FC8.txt
[2010.07.05 23:38:57 | 000,028,150 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_depcheckdotnetfx30.txt
[2010.07.05 23:38:53 | 000,032,214 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_dotnetfx3install.txt
[2010.07.05 23:38:53 | 000,000,718 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_dotnetfx3error.txt
[2010.06.24 19:13:37 | 000,524,288 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TMContainer00000000000000000002.regtrans-ms
[2010.06.24 19:13:37 | 000,524,288 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TMContainer00000000000000000001.regtrans-ms
[2010.06.24 19:13:37 | 000,065,536 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TM.blf
[2010.06.12 21:15:29 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.06.12 21:12:55 | 000,002,415 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.04.04 17:37:20 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.04.04 17:37:20 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.04.04 17:37:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.04.04 17:37:17 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.01.13 17:21:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2009.12.26 16:46:54 | 000,000,317 | ---- | C] () -- C:\Windows\game.ini
[2009.12.04 17:38:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Nadeo.ini
[2009.11.10 22:02:41 | 000,000,680 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\d3d9caps.dat
[2009.10.25 23:26:32 | 000,185,720 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_SqlPubWiz.msi2ABC.txt
[2009.10.25 23:26:27 | 000,283,690 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WinSDK_RefInt_x64_MSI2AAC.txt
[2009.10.25 23:26:19 | 000,549,072 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI2A92.txt
[2009.10.25 23:26:11 | 000,440,254 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2A77.txt
[2009.10.25 23:25:49 | 005,358,706 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WinSDK_Build_x64_MSI2A30.txt
[2009.10.25 23:25:42 | 000,653,358 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WinSDK_Tools_x64_MSI2A19.txt
[2009.10.25 23:25:15 | 002,486,530 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_CrystalReports2007_x64_MSI29C1.txt
[2009.10.25 23:24:02 | 004,634,744 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_CrystalReports2007_MSI28D2.txt
[2009.10.25 23:23:54 | 001,222,898 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_RDBG_AMD64_MSI28B8.txt
[2009.10.25 23:23:25 | 001,711,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.25 23:21:14 | 000,289,768 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_64bitEmulator_MSI26AE.txt
[2009.10.25 23:20:53 | 005,144,150 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WMSP_5_0_MSI2669.txt
[2009.10.25 23:20:18 | 007,059,112 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WMPPC_5_0_MSI25F7.txt
[2009.10.25 23:20:12 | 000,730,446 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_SSCEDeviceRuntime_MSI25E3.txt
[2009.10.25 23:20:07 | 000,313,566 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_SQLCEToolsForVS2007_MSI25D3.txt
[2009.10.25 23:20:02 | 000,356,686 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_SSCERuntime_MSI25C2.txt
[2009.10.25 23:19:37 | 000,843,636 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_VSTOR_MSI2571.txt
[2009.10.25 23:19:24 | 001,046,252 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_NETCFSetupv35_MSI2546.txt
[2009.10.25 23:19:13 | 001,012,638 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_NETCFSetupv2_MSI2522.txt
[2009.10.25 23:10:47 | 050,904,718 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\VSMsiLog1EAE.txt
[2009.10.25 23:08:30 | 002,862,508 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_Dexplorer90_retMSI1CEF.txt
[2009.10.25 23:08:24 | 000,358,650 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_PreReq_AMD64_MSI1CDB.txt
[2009.10.25 23:08:13 | 000,838,352 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_VC_MinRed_MSI1CB7.txt
[2009.10.25 23:07:13 | 000,317,613 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_depcheck_VS_PRO_90.txt
[2009.10.25 23:07:04 | 000,704,096 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_install_vs_procore_90.txt
[2009.10.25 23:07:04 | 000,011,384 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\uxeventlog.txt
[2009.10.25 23:07:04 | 000,000,002 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_error_vs_procore_90.txt
[2009.10.20 20:46:36 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.10.20 20:45:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.05 21:34:16 | 000,000,678 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.19 23:20:47 | 000,023,888 | ---- | C] () -- C:\Users\Hubsi\AppData\Roaming\UserTile.png
[2009.06.29 18:54:06 | 000,040,960 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.26 13:54:05 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.06.26 13:53:33 | 000,030,539 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.06.26 13:51:55 | 000,000,732 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\d3d9caps64.dat
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dossec.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009.07.01 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Atari
[2010.08.26 01:16:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\BitTorrent
[2009.12.06 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\DAEMON Tools Lite
[2010.02.13 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\DAEMON Tools Pro
[2010.07.06 17:02:54 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Dev-Cpp
[2010.03.08 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\FileZilla
[2010.01.25 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\GetRightToGo
[2009.07.07 20:14:06 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Leadertech
[2009.10.18 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\lyx16
[2010.04.07 19:26:41 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009.09.19 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\PeerNetworking
[2009.10.03 18:34:16 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Petroglyph
[2010.07.22 21:34:05 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Pro Cycling Manager 2010
[2010.01.06 15:34:51 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\ProtectDisc
[2010.02.14 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\TeamViewer
[2010.08.24 19:42:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\temp
[2010.08.25 21:27:01 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\The Creative Assembly
[2010.06.22 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Ubisoft
[2010.01.31 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\uTorrent
[2010.09.07 20:27:01 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.07 18:36:11 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C930AB4-14B1-4E60-A93F-1FEE84B26496}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.06.26 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Adobe
[2010.05.11 13:34:29 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Apple Computer
[2009.07.01 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Atari
[2009.06.27 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\ATI
[2010.08.26 01:16:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\BitTorrent
[2009.12.06 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\DAEMON Tools Lite
[2010.02.13 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\DAEMON Tools Pro
[2010.07.06 17:02:54 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Dev-Cpp
[2010.08.07 13:04:43 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\DivX
[2009.12.13 21:53:16 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\dvdcss
[2010.03.08 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\FileZilla
[2010.01.25 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\GetRightToGo
[2009.06.26 13:52:10 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Identities
[2010.02.20 21:22:55 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\InstallShield
[2009.07.07 20:14:06 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Leadertech
[2009.10.18 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\lyx16
[2009.06.26 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Macromedia
[2010.09.07 13:38:10 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Media Center Programs
[2010.04.07 19:26:41 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.09.01 15:25:07 | 000,000,000 | --SD | M] -- C:\Users\Hubsi\AppData\Roaming\Microsoft
[2010.04.14 22:30:28 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Move Networks
[2009.10.05 21:40:35 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Mozilla
[2009.09.19 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\PeerNetworking
[2009.10.03 18:34:16 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Petroglyph
[2010.07.22 21:34:05 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Pro Cycling Manager 2010
[2010.01.06 15:34:51 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\ProtectDisc
[2009.07.07 20:18:55 | 000,000,000 | RH-D | M] -- C:\Users\Hubsi\AppData\Roaming\SecuROM
[2010.09.07 17:38:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Skype
[2010.08.01 20:22:08 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\skypePM
[2010.02.14 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\TeamViewer
[2010.08.24 19:42:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\temp
[2010.08.25 21:27:01 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\The Creative Assembly
[2010.06.22 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Ubisoft
[2010.01.31 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\uTorrent
[2010.09.03 21:31:31 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\vlc
[2009.06.26 14:16:14 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.06.27 12:50:42 | 000,010,134 | R--- | M] () -- C:\Users\Hubsi\AppData\Roaming\Microsoft\Installer\{4411E4C3-C60F-B094-0E1F-C6E73311A9EA}\ARPPRODUCTICON.exe
[2009.07.20 00:46:05 | 000,010,134 | R--- | M] () -- C:\Users\Hubsi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.04.14 22:30:28 | 000,144,053 | ---- | M] () -- C:\Users\Hubsi\AppData\Roaming\Move Networks\uninstall.exe
[2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Users\Hubsi\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >
         

08.09.2010, 12:12   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

09.09.2010, 22:56   #12
nero08

Hi, here is the Anti-Malware output:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4580

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

09.09.2010 14:42:33
mbam-log-2010-09-09 (14-42-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 586500
Laufzeit: 1 Stunde(n), 20 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
There are still a few things:

the Security Center won't start,
and since the Malware Doctor, Explorer crashes frequently and then immediately restarts.

Regards
