Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 16.09.2010, 23:39   #1
honkel
 
sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) - Icon16

sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.)



Hallo,

hab jetzt mal ein paar stunden versucht was zu finden wo meine Probleme auftretten, bisher ohne erfolg.

das ist von einem tag auf den anderen Passiert:
* Unheimlich langsames Betriebssystem (Vista prof. 32bit)
* Die Browser gehen zum Teil (Bis auf Firefox beta) garnicht mehr. bleibt nur weiss, bei zu vielen clicks --> absturz
* selbst der firefox beta stürzt alle paar stunden ab (ist darüberhinaus sehr langsam) Zeigt einzelne Seiten garnicht mehr an... (bild.de als bsp)
* alle paar stunden popt eine systemmeldung hoch mit: Der computer wird in 1 minute heruntergeladen (hab mir ne batch datei erstellt mit shutdown -a).. aber wenn ich genau in diesem augenblick nicht hinsehe.. pech.

Trotzdem laufen gewisse Applikationen (Spiele/ HD Filme) ohne zu ruckeln...
Antivir & Co. haben bisher nichts gebracht, lediglich TuneUp hat viele registry probleme entdeckt, aber alle behoben.. trotzdem langsam...

Bin gerade etwas ratlos... Wäre sehr dankbar für tipps!!

Ach ja im Taskmanager gibt es keine auffällige Datei die massig ressourcen frisst... ????

Hab jetzt mal ein Log dazu:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:15:26, on 17.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 5\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugin-container.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Deutsch\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Deutsch\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Begdi] C:\Users\***\AppData\Roaming\Adobe\Update\dlgget.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729)" -"h**p://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1280993005659"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Deutsch\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\Deutsch\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Deutsch\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Deutsch\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Deutsch\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Deutsch\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 9677 bytes
         
--- --- ---

beste grüße & vielen dank

Alt 17.09.2010, 09:45   #2
markusg
/// Malware-holic
 
sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) - Standard

sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.)



was soll tuneup da auch nützen :-) zumal tuneup für mich sowieso ein komplett sinnloses programm ist, welches den pc langsam macht und tief ins system eingreift.
ich habs aber schon gesehen denke ich :-)

ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide.
__________________


Alt 17.09.2010, 12:17   #3
honkel
 
sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) - Standard

sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.)



Vielen dank für die schnelle Antwort:

Hier die OTL.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.09.2010 12:19:54 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\XXX\Downloads
Windows Vista Business Edition N Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,63 Gb Total Space | 219,90 Gb Free Space | 31,48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1397,26 Gb Total Space | 996,65 Gb Free Space | 71,33% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXX-PC
Current User Name: XXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox 4.0 Beta 5\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\NetPanther Tech\Shutdown Timer 1.1.2.2\Shutdown Timer.exe (NetPanther Tech)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (TortoiseSVN | The coolest Interface to (Sub)Version Control)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe ()
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe File not found
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe File not found
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe File not found
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe File not found
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Deutsch\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (WTouchService) -- C:\Programme\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MSSQLServerADHelper100) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VBoxNetFlt) -- C:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lbd) -- C:\Windows\System32\DRIVERS\Lbd.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GPU-Z) -- C:\Users\XXX\AppData\Local\Temp\GPU-Z.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (VSPerfDrv100) -- C:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - ({09BB444F-B2E2-4009-BAF2-7B727681223E}) -- C:\Se\VMLaunch\BuddyVM.sys (Interlex Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.29
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.4
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: StrataBuddy@ReduxTeam:0.6.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.backup.ftp: "221.130.13.204"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "221.130.13.204"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "221.130.13.204"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "221.130.13.204"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "218.25.174.28"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "218.25.174.28"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "218.25.174.28"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "218.25.174.28"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "218.25.174.28"
FF - prefs.js..network.proxy.ssl_port: 80
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.30 20:58:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.03 14:50:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 5\components [2010.09.16 15:31:45 | 000,000,000 | ---D | M]
 
[2008.07.16 13:18:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.09.16 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions
[2010.07.08 21:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.09.15 02:14:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.07.31 20:46:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.21 22:03:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.09.09 12:00:14 | 000,000,000 | ---D | M] (Download Sort) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}
[2010.04.17 18:55:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\firegestures@xuldev.org
[2010.09.10 00:25:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\foxyproxy@eric.h.jung
[2010.07.08 20:59:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\Strata40@SpewBoy.au
[2010.07.08 21:00:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\StrataBuddy@ReduxTeam
[2010.07.08 20:59:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
[2009.02.19 18:07:22 | 000,001,632 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\FireFox\Profiles\y716wsf7.default\searchplugins\live-search.xml
[2010.09.03 22:25:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.18 21:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.06.28 22:02:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.28 22:02:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.28 22:02:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.28 22:02:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.28 22:02:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Deutsch\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Deutsch\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000..\Run: [Begdi] C:\Users\XXX\AppData\Roaming\Adobe\Update\dlgget.exe ()
O4 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\5.0 ( File not found
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Deutsch\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Deutsch\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Deutsch\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Deutsch\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Deutsch\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Deutsch\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Deutsch\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.07 05:07:41 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{603af4c2-5322-11dd-8086-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{603af4c2-5322-11dd-8086-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe -- File not found
O33 - MountPoints2\{a077ce3c-a3ae-11de-a683-001c4af9480e}\Shell - "" = AutoRun
O33 - MountPoints2\{a077ce3c-a3ae-11de-a683-001c4af9480e}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\{a70919ea-584d-11dd-94f7-001e8c3278de}\Shell - "" = AutoRun
O33 - MountPoints2\{a70919ea-584d-11dd-94f7-001e8c3278de}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{e1bd404b-6343-11de-abd6-001c4af9480e}\Shell - "" = AutoRun
O33 - MountPoints2\{e1bd404b-6343-11de-abd6-001c4af9480e}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^My Exposé.lnk - C:\Windows\Installer\{93F8CD3C-438A-49D4-8BB9-B2CF70C3E250}\_F3FEA0E5229C018837C40F.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BILD.lnk - C:\PROGRA~1\BILD~1.DED\BILDDE~1.EXE - File not found
MsConfig - StartUpFolder: C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Bewerbung-Reminder.lnk - C:\Programme\Buhl\Bewerbung 2008\KCReminder.exe - ()
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: AeroSnap - hkey= - key= - C:\Programme\AeroSnap\AeroSnap.exe ()
MsConfig - StartUpReg: Ai Nap - hkey= - key= - C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
MsConfig - StartUpReg: Ai Remote Help - hkey= - key= - C:\Program Files\ASUS\AI Remote\AiRc.exe File not found
MsConfig - StartUpReg: AsusServiceProvider - hkey= - key= - C:\Programme\ASUS\AASP\1.00.23\aaCenter.exe ()
MsConfig - StartUpReg: AsusStartupHelp - hkey= - key= - C:\Programme\ASUS\AASP\1.00.23\AsRunHelp.exe ()
MsConfig - StartUpReg: AutoShutdownManager - hkey= - key= - C:\Program Files\AutoShutdownManager\AutoShutdownManager.exe File not found
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Deutsch\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: Begdi - hkey= - key= - C:\Users\XXX\AppData\Roaming\Adobe\Update\dlgget.exe ()
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe File not found
MsConfig - StartUpReg: Helper - hkey= - key= - C:\Users\XXX\AppData\Roaming\Helper\bin\liveu.exe File not found
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\JM\JMInsIDE.exe ()
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RocketDock - hkey= - key= - C:\Program Files\RocketDock\RocketDock.exe File not found
MsConfig - StartUpReg: SecurDisc - hkey= - key= - C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
MsConfig - StartUpReg: Speed Launch - hkey= - key= - C:\Program Files\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe (Microsoft)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.17 00:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.09.15 20:16:50 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.10 00:11:01 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 5
[2010.09.09 20:06:20 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.09.09 20:06:13 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.09.09 20:06:13 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.09.09 20:05:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\TuneUp Software
[2010.09.09 20:05:33 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.09.09 20:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.09.09 20:03:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.09.07 19:54:56 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Google Translator
[2010.09.07 16:40:06 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Unite Media Player
[2010.09.07 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Sudoku-X
[2010.09.06 21:13:01 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Helper
[2010.09.03 19:32:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\test3
[2010.09.03 00:44:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010.09.03 00:44:35 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010.09.03 00:44:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010.09.03 00:44:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010.09.03 00:44:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010.09.03 00:44:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010.09.03 00:44:33 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010.09.03 00:44:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010.09.03 00:44:33 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010.09.03 00:44:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010.09.03 00:44:33 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010.09.03 00:44:28 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010.09.03 00:44:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010.09.03 00:44:28 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010.09.03 00:44:28 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010.09.03 00:44:28 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010.09.02 18:28:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Dave_Sexton
[2010.09.02 00:37:45 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\test
[2010.09.02 00:33:45 | 000,000,000 | ---D | C] -- C:\Programme\doxygen
[2010.09.02 00:23:28 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\IsolatedStorage
[2010.09.02 00:11:55 | 000,000,000 | ---D | C] -- C:\Programme\Sandcastle
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.17 12:20:45 | 009,699,328 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT
[2010.09.17 12:16:24 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4011727208-2204512221-339002600-1000UA.job
[2010.09.17 12:16:10 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.17 12:16:10 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.17 12:16:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.17 03:03:18 | 001,595,776 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
[2010.09.17 01:31:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4011727208-2204512221-339002600-1000Core.job
[2010.09.17 00:13:20 | 000,002,521 | ---- | M] () -- C:\Users\XXX\Desktop\HiJackThis.lnk
[2010.09.16 15:11:09 | 000,100,158 | ---- | M] () -- C:\Users\XXX\Desktop\musik_next.png
[2010.09.16 15:10:47 | 000,100,172 | ---- | M] () -- C:\Users\XXX\Desktop\musik_play.png
[2010.09.16 15:10:32 | 000,105,437 | ---- | M] () -- C:\Users\XXX\Desktop\musik_back.png
[2010.09.16 15:10:08 | 000,131,347 | ---- | M] () -- C:\Users\XXX\Desktop\musik_1.png
[2010.09.15 21:49:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.15 21:48:42 | 3153,125,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.15 21:47:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.15 21:45:05 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010.09.15 21:45:05 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TM.blf
[2010.09.15 21:41:02 | 003,345,387 | -H-- | M] () -- C:\Users\XXX\AppData\Local\IconCache.db
[2010.09.14 12:28:17 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010.09.13 02:56:55 | 000,012,288 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.11 18:51:23 | 001,778,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.10 00:12:41 | 001,894,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.10 00:12:41 | 000,790,042 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.10 00:12:41 | 000,750,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.10 00:12:41 | 000,189,386 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.10 00:12:41 | 000,163,768 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.10 00:12:02 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010.09.10 00:04:28 | 000,128,096 | ---- | M] () -- C:\Users\XXX\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.09 22:10:43 | 000,000,079 | ---- | M] () -- C:\Windows\Wininit.INI
[2010.09.09 21:40:46 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{0d9f80ed-6a70-11db-ade8-c54a08498d8c}.TMContainer00000000000000000001.regtrans-ms
[2010.09.09 21:40:46 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{0d9f80ed-6a70-11db-ade8-c54a08498d8c}.TM.blf
[2010.09.09 20:05:54 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2010.09.09 20:05:54 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.09.07 10:20:00 | 000,001,356 | ---- | M] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat
[2010.09.06 21:15:56 | 000,002,675 | ---- | M] () -- C:\Users\XXX\Desktop\Microsoft PowerPoint 2010.lnk
[2010.09.03 20:03:56 | 007,260,599 | ---- | M] () -- C:\Users\XXX\Desktop\Thesis_twoside_grau.pdf
[2010.09.02 00:42:02 | 000,127,927 | ---- | M] () -- C:\Users\XXX\Desktop\Demolisher_ Demolisher.Buil...pdf
[2010.09.02 00:17:34 | 000,004,540 | ---- | M] () -- C:\Windows\flash.fpr
[2010.09.02 00:08:22 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.09.01 17:40:47 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.30 21:59:54 | 000,000,011 | ---- | M] () -- C:\Users\XXX\Desktop\shutdown beenden.bat
[2010.08.24 16:11:43 | 000,002,009 | ---- | M] () -- C:\Users\XXX\Documents\vlc-record-2010-08-24-16h11m41s-[Ne0]-Batman Begins (2005) [400MB][HDRIP].mkv-.mp4
[2010.08.24 02:04:54 | 005,477,397 | ---- | M] () -- C:\Users\XXX\Desktop\Menu.pptx
[2010.08.23 14:36:40 | 000,016,757 | ---- | M] () -- C:\Users\XXX\Documents\kindergeld 2009.docx
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.17 00:11:13 | 000,002,521 | ---- | C] () -- C:\Users\XXX\Desktop\HiJackThis.lnk
[2010.09.16 15:11:05 | 000,100,158 | ---- | C] () -- C:\Users\XXX\Desktop\musik_next.png
[2010.09.16 15:10:43 | 000,100,172 | ---- | C] () -- C:\Users\XXX\Desktop\musik_play.png
[2010.09.16 15:10:27 | 000,105,437 | ---- | C] () -- C:\Users\XXX\Desktop\musik_back.png
[2010.09.16 15:10:00 | 000,131,347 | ---- | C] () -- C:\Users\XXX\Desktop\musik_1.png
[2010.09.11 18:50:51 | 000,524,288 | -HS- | C] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010.09.11 18:50:51 | 000,524,288 | -HS- | C] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010.09.11 18:50:51 | 000,065,536 | -HS- | C] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TM.blf
[2010.09.10 00:12:00 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010.09.09 22:10:43 | 000,000,079 | ---- | C] () -- C:\Windows\Wininit.INI
[2010.09.09 20:05:54 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2010.09.09 20:05:54 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.09.03 20:03:56 | 007,260,599 | ---- | C] () -- C:\Users\XXX\Desktop\Thesis_twoside_grau.pdf
[2010.09.03 00:44:30 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.09.03 00:44:30 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.09.03 00:44:30 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.09.02 00:42:02 | 000,127,927 | ---- | C] () -- C:\Users\XXX\Desktop\Demolisher_ Demolisher.Buil...pdf
[2010.09.02 00:17:34 | 000,004,540 | ---- | C] () -- C:\Windows\flash.fpr
[2010.09.02 00:08:22 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.30 21:59:31 | 000,000,011 | ---- | C] () -- C:\Users\XXX\Desktop\shutdown beenden.bat
[2010.08.29 00:07:51 | 000,000,801 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010.08.24 16:11:43 | 000,002,009 | ---- | C] () -- C:\Users\XXX\Documents\vlc-record-2010-08-24-16h11m41s-[Ne0]-Batman Begins (2005) [400MB][HDRIP].mkv-.mp4
[2010.08.23 14:36:38 | 000,016,757 | ---- | C] () -- C:\Users\XXX\Documents\kindergeld 2009.docx
[2010.07.07 02:46:13 | 000,000,240 | ---- | C] () -- C:\Windows\apdfpr.ini
[2010.04.05 22:46:45 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.04.05 22:46:45 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.04.05 22:46:45 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.04.05 22:44:30 | 000,024,576 | ---- | C] () -- C:\Windows\System32\GUITOOLS.DLL
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.02.11 01:27:33 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2010.02.03 05:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009.11.11 16:14:00 | 001,595,776 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
[2009.10.18 11:48:21 | 000,000,840 | -H-- | C] () -- C:\Users\XXX\AppData\Roaming\vispa.ini
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.06.05 12:54:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.16 01:02:05 | 000,000,451 | ---- | C] () -- C:\Windows\WISO.INI
[2009.02.21 13:45:23 | 003,086,336 | ---- | C] () -- C:\Windows\System32\NCMedia.dll
[2009.02.21 13:45:23 | 003,086,336 | ---- | C] () -- C:\Windows\System32\flvvideo.dll
[2009.02.21 13:45:23 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008.12.24 11:38:38 | 000,144,384 | ---- | C] () -- C:\Windows\System32\miccyhook.dll
[2008.11.15 13:14:15 | 000,154,224 | ---- | C] () -- C:\Users\XXX\AppData\Local\debuggee.mdmp
[2008.09.11 14:07:24 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2008.09.11 14:06:48 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.09.06 17:22:42 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.08.24 13:55:42 | 007,034,368 | ---- | C] () -- C:\Windows\System32\BCC5 Render Engine 8BPC.dll
[2008.08.15 17:00:28 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.07.16 19:14:22 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.07.16 19:14:21 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.07.16 16:48:23 | 000,022,328 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\PnkBstrK.sys
[2008.07.16 15:50:24 | 000,012,288 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.16 15:22:36 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008.07.16 15:02:13 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.07.16 12:58:01 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2008.07.16 12:58:01 | 000,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008.07.16 12:54:31 | 000,024,294 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.07.16 12:54:27 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008.07.16 12:54:15 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008.07.16 12:46:44 | 000,001,356 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat
[2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.04.26 14:27:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\.purple
[2010.05.23 20:26:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Academic Software Zurich
[2009.02.11 00:21:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Activision
[2009.08.17 20:24:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AeroSnapApp
[2010.09.17 00:11:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AIMP
[2010.03.01 14:26:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AquaSoft
[2010.06.04 01:02:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Autodesk
[2009.05.16 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service
[2009.05.16 01:07:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service GmbH
[2009.04.10 09:38:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Bump Technologies, Inc
[2009.07.13 16:05:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CoSoSys
[2009.06.27 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools
[2009.06.27 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite
[2009.05.19 13:15:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DataDesign
[2010.04.28 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\de.bild.desktop.A50E06F86BD8101EC58D2EAE22BF0ECEFF3314ED.1
[2010.09.16 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox
[2009.10.29 23:26:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\gtk-2.0
[2008.11.08 00:21:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\JetBrains
[2008.11.05 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech
[2009.09.13 16:01:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Lost Marble
[2010.05.28 16:45:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OgmoEditor.85BDBC80EE4F35100BB93248B138F1E7B6970617.1
[2010.09.07 19:54:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera
[2009.10.20 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Red Alert 3
[2010.06.15 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Research In Motion
[2010.03.15 01:02:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Soldat
[2010.05.24 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Splinter Cell - Conviction
[2008.11.07 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Subversion
[2010.05.24 12:48:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thinstall
[2010.09.09 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TuneUp Software
[2009.08.07 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ubisoft
[2009.02.23 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Windows Live Writer
[2010.02.21 03:22:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WTouch
[2010.09.15 21:47:07 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.26 14:27:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\.purple
[2010.05.23 20:26:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Academic Software Zurich
[2009.02.11 00:21:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Activision
[2010.08.28 16:07:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe
[2009.08.17 20:24:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AeroSnapApp
[2008.07.21 17:42:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ahead
[2010.09.17 00:11:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AIMP
[2010.06.17 18:32:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Apple Computer
[2010.03.01 14:26:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AquaSoft
[2008.07.16 13:11:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ATI
[2010.06.04 01:02:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Autodesk
[2009.05.16 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service
[2009.05.16 01:07:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service GmbH
[2009.04.10 09:38:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Bump Technologies, Inc
[2009.07.13 16:05:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CoSoSys
[2009.06.27 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools
[2009.06.27 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite
[2009.05.19 13:15:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DataDesign
[2010.04.28 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\de.bild.desktop.A50E06F86BD8101EC58D2EAE22BF0ECEFF3314ED.1
[2010.06.17 15:46:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DivX
[2010.09.16 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox
[2010.08.05 23:09:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\dvdcss
[2009.10.29 23:26:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\gtk-2.0
[2010.09.06 21:13:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Helper
[2008.07.16 12:47:15 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Identities
[2008.07.16 12:55:02 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\InstallShield
[2008.11.08 00:21:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\JetBrains
[2008.11.05 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech
[2008.11.05 17:03:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Logitech
[2009.09.13 16:01:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Lost Marble
[2008.07.23 02:58:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Macromedia
[2010.08.15 12:04:38 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Microsoft
[2008.07.16 13:18:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla
[2010.05.28 16:45:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OgmoEditor.85BDBC80EE4F35100BB93248B138F1E7B6970617.1
[2010.09.07 19:54:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera
[2009.10.20 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Red Alert 3
[2010.06.15 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Research In Motion
[2009.06.27 20:02:02 | 000,000,000 | RH-D | M] -- C:\Users\XXX\AppData\Roaming\SecuROM
[2010.03.15 01:02:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Soldat
[2010.05.24 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Splinter Cell - Conviction
[2008.11.07 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Subversion
[2008.07.24 15:11:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sun
[2010.05.24 12:48:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thinstall
[2008.11.15 12:58:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TortoiseSVN
[2010.09.09 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TuneUp Software
[2009.08.07 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ubisoft
[2010.09.17 12:18:32 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\vlc
[2010.02.20 02:42:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\VMware
[2009.02.23 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Windows Live Writer
[2010.05.27 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WinRAR
[2010.09.15 21:51:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WTablet
[2010.02.21 03:22:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WTouch
 
< %APPDATA%\*.exe /s >
[2010.09.17 12:16:34 | 000,286,208 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Adobe\Update\dlgget.exe
[2010.02.26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010.02.26 10:54:59 | 000,091,696 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009.09.03 11:27:54 | 014,623,184 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Dropbox\cache\Dropbox-update-0.6.556.exe
[2010.02.26 10:54:53 | 013,264,416 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Dropbox\cache\Dropbox-update-0.7.110.exe
[2010.04.28 13:31:19 | 000,038,784 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008.11.04 23:13:22 | 001,887,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\XXX\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.04.13 00:54:09 | 000,022,382 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{09710638-E0CD-4D60-92D3-CCC0080FB898}\SpeedLaunchShortcutIcon.exe
[2008.11.05 17:03:31 | 000,010,134 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.09.17 00:11:13 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_0210F596990CC0F8467B7D.exe
[2010.03.10 14:32:19 | 000,076,726 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_1C9762A6E36D683B979E96.exe
[2010.03.10 14:32:19 | 000,010,134 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_2E97BF7FEB4C1EC32DA78C.exe
[2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_2EFAB9F502AD21D177F2C9.exe
[2010.03.10 14:32:19 | 000,078,555 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_34BF9608B95534C9DAF2CF.exe
[2010.03.10 14:32:19 | 000,076,726 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_54F53FC549B7DD6EF05122.exe
[2010.03.10 14:32:18 | 000,076,726 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_5ABA7F457238E3583E94C0.exe
[2010.03.10 14:32:18 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_6FEFF9B68218417F98F549.exe
[2010.03.10 14:32:19 | 000,078,555 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_9ED7215EF0AADF263FBFAC.exe
[2010.03.10 14:32:19 | 000,076,726 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_9EEFE047281CD42A674D6C.exe
[2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_B21DC0C9A66A9D359D1702.exe
[2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_BDA9D139831B87395CEFE5.exe
[2010.03.10 14:32:19 | 000,097,527 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_C08B8990FBA7DC1E28475E.exe
[2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_C3306E791AAE11EADC1DA3.exe
[2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_F782E19AF691D69A4E38F5.exe
[2010.03.10 14:32:19 | 000,076,726 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_F79A71886B92E08B36509D.exe
[2010.06.25 16:02:15 | 000,029,926 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{729713E3-CFD5-4E9F-A301-5BD8EA25A28B}\_853F67D554F05449430E7E.exe
[2008.07.16 13:05:45 | 000,009,158 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
[2009.05.16 01:02:14 | 000,000,766 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\ARPPRODUCTICON.exe
[2009.05.16 01:02:14 | 000,102,400 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut10_B4FF87E14FE14F1F88FCF45D507E4C85.exe
[2009.05.16 01:02:14 | 000,102,400 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut11_B4FF87E14FE14F1F88FCF45D507E4C85.exe
[2009.05.16 01:02:14 | 000,131,072 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut12_B4FF87E14FE14F1F88FCF45D507E4C85.exe
[2009.05.16 01:02:14 | 000,000,766 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut6_E1E4F3CEA34E46678DE9147249FAE468.exe
[2009.05.16 01:02:14 | 000,069,632 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut7_B4FF87E14FE14F1F88FCF45D507E4C85.exe
[2009.05.16 01:02:14 | 000,131,072 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut9_B4FF87E14FE14F1F88FCF45D507E4C85.exe
[2010.02.28 20:16:41 | 000,010,134 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{F20F8E93-3471-1808-AC39-7CE622FCBB4B}\ARPPRODUCTICON.exe
[2010.07.13 09:35:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\ARPPRODUCTICON.exe
[2010.07.13 09:35:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut1_FE2607FACB3C4E0CA7E2797ED759975C.exe
[2010.07.13 09:35:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut2_FE2607FACB3C4E0CA7E2797ED759975C.exe
[2010.07.13 09:35:44 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut4_FE2607FACB3C4E0CA7E2797ED759975C.exe
[2010.07.13 09:35:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut6_FE2607FACB3C4E0CA7E2797ED759975C.exe
[2010.07.13 09:35:44 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut7_9F3B26B4AC704A0D8B881AC73195456F.exe
[2010.07.13 09:35:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut9_9F3B26B4AC704A0D8B881AC73195456F.exe
[2010.09.09 00:16:13 | 000,188,152 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\y716wsf7.default\FlashGot.exe
[2010.08.03 21:38:38 | 000,400,728 | ---- | M] (Research In Motion Limited) -- C:\Users\XXX\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\BBDesktopInstaller.exe
[2010.08.03 21:38:38 | 002,959,376 | ---- | M] (Microsoft Corporation) -- C:\Users\XXX\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\dotnetfx35setup.exe
[2010.08.29 00:05:58 | 102,135,128 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Extractor.exe
[2010.08.03 21:38:38 | 000,128,472 | ---- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Helper.exe
[2010.08.03 21:38:40 | 001,821,192 | ---- | M] (Microsoft Corporation) -- C:\Users\XXX\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\vcredist_x86.exe
[2010.05.24 16:18:13 | 000,923,424 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Splinter Cell - Conviction\Uninstall\unins000.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2010.06.24 22:28:24 | 681,867,016 | ---- | M] (Microsoft Corporation) -- C:\Office 2010 Proffessional Plus Morgan Stanley .exe
[2010.07.31 20:49:10 | 466,607,696 | ---- | M] (Microsoft Corporation) -- C:\Office Language Pack German - Paid via Credit Card.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.07.16 14:00:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.07.16 14:00:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.07.16 14:00:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.07.16 14:27:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2008.07.16 14:27:20 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.11 23:08:49 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.03 06:17:56 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2008.01.18 23:34:22 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
[2008.01.18 23:35:16 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009.04.10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:81405BF2
< End of report >
         
--- --- ---
__________________

Alt 17.09.2010, 12:21   #4
honkel
 
sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) - Standard

sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.)



EXTRAS.TXTOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.09.2010 12:19:54 - Run 1
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\XXX\Downloads
Windows Vista Business Edition N Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,63 Gb Total Space | 219,90 Gb Free Space | 31,48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1397,26 Gb Total Space | 996,65 Gb Free Space | 71,33% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXX-PC
Current User Name: XXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Deutsch\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Deutsch\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BBFFD0-3BE4-48A3-ABE0-379BCC56A008}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10628F55-0DC1-40A2-A67D-843A65285D1A}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{11E915CB-E153-400A-BBF9-930EE374A85B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1AA3608C-DF02-400A-B352-59CBC4C3B991}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\deutsch\microsoft office\office14\outlook.exe | 
"{1C465998-5625-40E5-B2BB-5DB29F7AE015}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{262440CE-6014-4534-BFB4-FBDEF8BC7865}" = rport=139 | protocol=6 | dir=out | app=system | 
"{32D827FA-21CC-4245-9DF8-467F44F8C783}" = rport=137 | protocol=17 | dir=out | app=system | 
"{43364628-78AA-4A65-A576-BBB54E037FF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5BE8DAC7-0387-4D2B-B94E-EE564A5F98BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6A58D24D-B18F-442E-BC29-F6B3C178C89F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6CF2EC6E-2901-4E53-90DF-37D415D8DC3A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{77497730-8898-4ECE-A643-9F10813FDAD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B0B05B0-0D82-48AB-AF09-419821434841}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{97B26694-30D0-47E1-95B6-AACC6B3F0B82}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9B0B7493-F31F-4573-A196-8738C14E9A4C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CE4D48AE-52A8-4436-9B4C-288FD31081A0}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{D5D8ADB6-168F-4AB2-9177-AEF934509F83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D70ED734-D3DE-42B3-A446-D5F065CF550D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E9366EB7-6BF2-40BA-B47C-8E7632A2E270}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EAEBF600-B3C7-43BC-AAB6-099510BF9AAD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ECED79CA-C1E0-42E9-A04F-946C0D85A566}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EF879830-B17D-4CFF-B51C-A6A64979015B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F0A95DCB-7452-4D6D-A6D9-5D0A03B5DCFA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FD7DB5E3-5A3E-4C21-A6AC-01C4015ACCAC}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0138B42B-6787-457A-A8C4-BE5F882D09C9}" = protocol=6 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx9.exe | 
"{01E3E68A-47CB-4640-914B-1ADC23BFE55A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{03F28BD7-C006-4094-BF2F-6183FE2812EE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0B9CCE50-CB91-420C-B027-C54084A08AB6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{0E3F259C-64AE-4119-AD75-DDFA5FEB5FD2}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | 
"{11CE9606-C5D4-4604-964B-9138218BB4AE}" = protocol=6 | dir=out | app=system | 
"{14C323A8-992B-43B1-B4DF-B66244660806}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{1866852B-3E6E-4A8C-A3EC-B375F385260D}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | 
"{1A3BFF76-44F9-4E41-B8F5-9DCCC7454C77}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{1AE2BF45-F2C8-43B1-9FE9-BC60884353E5}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v3.1\bin\xnaliveproxy.exe | 
"{1B15C9BC-A5BC-4C94-9603-AF3014A61944}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe | 
"{2AD84A11-CD82-433A-993B-589A80900A2E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{31D5D609-0314-4317-9061-FEC80D091FE1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{3870D421-0B39-438B-BFC2-5A1651E4DA01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3B05FB09-1BA1-4D54-96DF-B5948983EDC8}" = dir=in | app=c:\program files\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe | 
"{50D3FC7B-C678-4B4C-BE5E-D1794A7B452D}" = protocol=17 | dir=in | app=c:\program files\deutsch\microsoft office\office14\onenote.exe | 
"{51E1D90E-5F1F-46A2-A74E-3B8306C4ED47}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{5370992F-AB94-470E-8860-E1F530EEA9B7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{5411FAE7-F73E-4148-A6F3-94C965BD0ACD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{544672DD-86E1-482F-96FA-8C92780E8504}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{54AA24E6-7647-49B8-B0EC-E48983C27D8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{564D530A-A34D-44D4-9F42-9E9D4091695D}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{66F8A5B2-FBED-42B1-9EBF-FFCF5AFFB464}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{68F1BE0F-BBA2-485D-B5E0-FF0FD8C9ABB9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6AA84C3B-D27A-4BD2-A660-939FD61C084C}" = protocol=6 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx10.exe | 
"{6B88C9E5-FABD-4E59-BA90-6A724A2FEFD9}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{6E73ED82-C171-4DBC-AE8C-EAD62DAE5B6B}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{729E4167-E688-419C-B150-E18385C9C394}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{75F1DB2B-7BAA-4F4C-966E-D778E4E67206}" = protocol=6 | dir=in | app=c:\program files\deutsch\microsoft office\office14\groove.exe | 
"{775E3EEF-A6CD-46B5-89DD-141F9F984112}" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt2 demo\dirt2.exe | 
"{85351BAD-B81F-43B3-AFD2-360283D5C20F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{863643DE-DF32-4071-B101-E0479600DB2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{8697A40B-0DEF-4C8B-A159-DC36D2EF651A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe | 
"{88343888-FDE5-4197-ADCF-A3EEB1A78F04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B9EE1C4-233D-4966-910C-3C6DFE3E051C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DA9216D-13DC-41B8-A53E-50BEE22E9EF2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8DF12103-30CC-4DE4-822C-BABF90883356}" = protocol=17 | dir=in | app=c:\program files\activision\x-men origins - wolverine(tm)\binaries\wolverine.exe | 
"{8E173918-A8D5-446D-BBAF-44AB2BB62812}" = protocol=17 | dir=in | app=c:\program files\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | 
"{94BBA058-D507-407C-9A02-CF154F57689F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{95F7B9C0-C320-4CD3-8288-3F64DCC93F28}" = protocol=6 | dir=in | app=c:\program files\activision\x-men origins - wolverine(tm)\binaries\wolverine.exe | 
"{96C4D8F3-3475-4231-91D2-CF6913C71546}" = protocol=6 | dir=in | app=c:\program files\deutsch\microsoft office\office14\onenote.exe | 
"{9891D1FD-DAA9-4624-BBF4-003859F3E25C}" = protocol=17 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx9.exe | 
"{9AB07861-B510-42E0-A791-CBF22C135747}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{A19324AB-5CFB-4D1B-954D-10D289BB4889}" = protocol=6 | dir=in | app=c:\program files\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | 
"{A1D6145A-64EF-4795-B800-0590B1627E24}" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt2 demo\dirt2.exe | 
"{AAE6CDB0-B8E3-4CEE-B4CF-23D3C52B63FA}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{B3D31B10-983A-4D1F-92E2-971A2C9BBA1E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BAB8E59B-27DC-4B4B-BD85-79AADA48241C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{BD1E4613-8E4E-4F2B-8F9B-80ABE1304316}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{BE90B789-DC2E-4CF0-B8E5-E589E2ADD839}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BFBA6019-29BE-4CBD-8C8E-27DB7833F628}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{C052297A-7E2D-4C15-AA97-03EA02A773CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C568CEE7-A700-4084-B487-838D167AE06C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{C7CA7F33-0623-4208-B69A-C218F9165E99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C86DAD98-B8D2-4423-81CE-B233451EAF65}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{D0842EF9-BF0E-4609-9A14-33C59044AB15}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe | 
"{D31F5D6A-0973-48EA-B10D-17B0C2D1B9D5}" = protocol=17 | dir=in | app=c:\program files\deutsch\microsoft office\office14\groove.exe | 
"{D465271A-E4FE-4AE8-80AA-BDC0DC5C69CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7B63FA5-290C-4155-B45C-F54D1B9DA533}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D880A591-08E3-4D15-ABF1-59CD0127D7EC}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{DEF0E6BB-0533-4D2F-88C2-E25F508EA3BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DF118333-72F2-4A80-8E14-740C97B8DEAB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{DF502116-0DDC-418C-95E4-0A631C347985}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{E35D8FD0-B689-4D04-BF75-91628CD50F8F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{E5255AE1-65BC-42D3-A109-D59052B1D539}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9BA71F2-B9C4-48DF-A938-DB6481E5DAF5}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{EADE46AB-57C6-4451-87AB-C495F1149130}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{EC6806D6-08BE-48BC-8C7F-45C75DDB9386}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe | 
"{ED2374A5-72C7-4C91-B5C8-817BD928E6E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EDC7EDBB-0D56-4B0C-8000-6C731493ABFA}" = protocol=17 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx10.exe | 
"{F325B8DD-C9C8-4D6B-8F34-4BA2724670FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{082B863C-4F38-42AB-8AA6-3C34CD3A5D11}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{08966EF8-1B31-4F2C-A4D0-2A1181BEBF24}C:\gp409_rc4_2009\gp409_rc4\gp4.exe" = protocol=6 | dir=in | app=c:\gp409_rc4_2009\gp409_rc4\gp4.exe | 
"TCP Query User{1869BAEC-DE13-42CA-A66B-49C754EC0712}C:\program files\java\jdk1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_07\bin\java.exe | 
"TCP Query User{2A07D91C-A085-4881-9F2D-49A3B005EB69}C:\program files\codemasters\dirt\dirt.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt\dirt.exe | 
"TCP Query User{3EC7D343-3CBC-4858-89B6-3F1673AD4B49}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{4422ABAE-91FD-4525-8891-E9B9B3F957F3}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe | 
"TCP Query User{54EFDD06-2055-47B6-9B27-4B9CE8F25D82}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{559FD99E-36C7-43A3-B1E0-D2254CE09C71}C:\program files\codemasters\dirt\dirt.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt\dirt.exe | 
"TCP Query User{6C4F187C-D557-489C-BC16-0D72CC41E36B}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{7186D353-E12F-4235-B4D3-C3D21E6E4A99}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{74CD7EE5-9F0D-4AE0-AB7B-789BE719C746}C:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse\eclipse.exe | 
"TCP Query User{78B943CF-EB8D-4898-8C11-7D22C3A37921}C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe" = protocol=6 | dir=in | app=c:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe | 
"TCP Query User{7FF973CB-902F-41F6-B02E-B79B57F64286}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{81E59778-CA0D-4963-A6EA-DAEEE71965D1}C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"TCP Query User{82DBF1DE-8E30-4637-BEC0-705FF74EEC13}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{973F2630-CCE5-48E5-B027-FDFAF6FF2F4F}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{A4352A95-C7D4-4883-80A7-C73D271BA100}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{A52396B6-3532-4EBE-B7F8-8D94494BBB1B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{B000EE16-4879-4016-9874-A47266CE9C89}C:\program files\r.g. mechanics\splinter cell - conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files\r.g. mechanics\splinter cell - conviction\src\system\conviction_game.exe | 
"TCP Query User{B420EB65-9515-42D8-8CDB-09B4A3F38379}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{B5780DB7-B819-4087-90BC-AA2E3EB01958}C:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe | 
"TCP Query User{C2D6ED38-61AA-418D-8300-2BD5F05AE173}C:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe | 
"TCP Query User{CC8992C4-A163-494B-9B8A-97E49D8AAF22}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"TCP Query User{D878B7B1-2333-47D0-8937-68253DA0D9A9}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{E733B3B8-85C2-4C52-A8AE-9FA5A7A0E52F}C:\program files\r.g. mechanics\splinter cell - conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files\r.g. mechanics\splinter cell - conviction\src\system\uplaybrowser.exe | 
"TCP Query User{EA4A6B14-2E63-468A-ADE4-768CF35615E2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{EC92845D-F5B0-4857-9545-09F1EAA55746}C:\program files\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_07\jre\bin\java.exe | 
"TCP Query User{F245376D-A645-4FCD-AB78-717487F1F437}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{F6C53B78-975D-4C6C-9207-A754A5ED3958}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{FAB4BEB7-DE3F-415B-A338-9A4D5F62A821}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{FEC44ED2-DFB2-4778-8A6B-547FA3493E36}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{FF6A7021-80B3-4353-84C5-F91F8B09921E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{0FF1F6D8-A1D2-415F-B40E-0B2A0FC9ACDB}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{17CE954B-C712-4960-B130-9A5C7C6241E6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1D6D9927-9D18-4DBA-8395-AE4EFCCC0E00}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"UDP Query User{1EB6CF69-0A86-4C5B-8478-8D388800CDA3}C:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse\eclipse.exe | 
"UDP Query User{217E3202-0733-4CE1-BD7A-42AE177A0429}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{23546DD3-920F-47A3-BFBD-4CE99244EDC8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{2C8D39D2-F5D8-48B3-AC62-B310F2C9F7D3}C:\gp409_rc4_2009\gp409_rc4\gp4.exe" = protocol=17 | dir=in | app=c:\gp409_rc4_2009\gp409_rc4\gp4.exe | 
"UDP Query User{2D5CA029-14F3-46FB-8A99-146D516B9A2C}C:\program files\codemasters\dirt\dirt.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt\dirt.exe | 
"UDP Query User{441C45FE-2A6F-49B9-B763-56FF6B07A737}C:\program files\r.g. mechanics\splinter cell - conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files\r.g. mechanics\splinter cell - conviction\src\system\uplaybrowser.exe | 
"UDP Query User{4832200E-689E-40F9-B40C-F918C15AF591}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{4CC8BBCE-5B1C-481B-9D8B-1272C6157FF8}C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe" = protocol=17 | dir=in | app=c:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe | 
"UDP Query User{5340D743-E7CB-4A02-8C3B-9D9DED0D9B96}C:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe | 
"UDP Query User{5A5A76AF-6D4F-4C0F-B85D-FF885409C492}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{699A6D03-7A85-41CC-B30D-6AB6AFFDE38F}C:\program files\java\jdk1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_07\bin\java.exe | 
"UDP Query User{6B16AB53-0D87-4643-89CE-939D05ABF797}C:\program files\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_07\jre\bin\java.exe | 
"UDP Query User{705B5DEE-A3FE-46D3-838E-10D2739E0A3B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{706E0E78-7068-4F16-A4E6-7E7F69F0C09F}C:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe | 
"UDP Query User{8E9D5870-F100-4AA2-A854-11AF485A18B3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{8FA3B5C3-D0FE-48A4-BFD6-7EEFA34E9065}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{943F73D9-28E8-459A-9308-F05419039462}C:\program files\r.g. mechanics\splinter cell - conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files\r.g. mechanics\splinter cell - conviction\src\system\conviction_game.exe | 
"UDP Query User{96AFEF9B-8A06-4D0E-B293-EA24D3B4E2F8}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{97A76CE8-E96E-4447-AC12-DCE3D56342BC}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{9C22FAA5-08C7-48EF-B95D-137334A49057}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{9FA33896-D48D-48E7-A190-6367ABDE144E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{AB15BE9B-A75B-4F76-8F2D-79EA52A1BFAE}C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"UDP Query User{B1DA9D83-6EB3-45FC-9D6F-0163BE7BC3D3}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{C85221EC-9BDB-4DBE-BC14-E97EE67B74D6}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{CED3B52E-DEE6-4947-A570-688C27A7740E}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{DB202EEC-2D26-4179-B874-424C1A5B806F}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe | 
"UDP Query User{DF224C23-4C6E-476F-897D-D636DE4C72CB}C:\program files\codemasters\dirt\dirt.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt\dirt.exe | 
"UDP Query User{E4B149A3-E5F2-49FF-A508-D2F041591E83}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{FEA2511B-3A3A-4081-BD8A-C34347F8D99D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)
"{00CC55E1-EA68-22D4-92DF-B94F287DCE40}" = ccc-core-static
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{0742B739-DCA3-4A21-AADD-B7CBF49C2058}" = Adobe Premiere Pro CS3 Third Party Content
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{09710638-E0CD-4D60-92D3-CCC0080FB898}" = Speed Launch from Microsoft Office Labs
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E76D6D4-5EFD-0714-1E65-E5B0ED1C9731}" = Catalyst Control Center Core Implementation
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)
"{1254DE46-CA5B-40D8-A699-E3C548CED02A}" = VisualSVN 1.5.2
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{185D0A67-E066-44AE-926D-F6305813301C}" = Adobe After Effects CS3 Presets
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1" = AeroSnap 0.61
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20AC583C-A6FB-410A-807D-25308225C201}" = Paint.NET v3.35
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24D20EF7-2066-42A8-91DB-952636384E42}" = AquaSoft PhotoKalender
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27C0CED3-E9FA-4EA0-96AA-FAECE5F81031}" = Nero 7 Essentials
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D206DBD-6491-26BD-0DFA-165AA8A0CFFD}" = Catalyst Control Center Graphics Light
"{2D3B4614-7291-583D-A925-476924FF5A5F}" = Catalyst Control Center Graphics Previews Common
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2E402AA9-5C0E-45E7-8E70-C23FA0F265D5}" = Microsoft XNA Game Studio 3.1 (devenv)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{49389932-51FA-4D26-8B4F-CE86B24302C2}" = TortoiseSVN 1.5.5.14361 (32 bit)
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{4F702A4B-D39C-44E6-95A2-A6C9179303DB}" = WD Drive Manager (x86)
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55ACE462-F309-4650-BE4E-F1008D6D8726}" = Microsoft Visual Studio ProjectAggregator2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56C64E81-FC93-4cb9-9EBF-953662950D3B}_is1" = Delete Virtual-Mate Launcher
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5B479C22-7B50-5D31-7BD9-02D1260254D3}" = Catalyst Control Center HydraVision Full
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5D7C0D74-9E6B-4734-B087-38740640088A}" = Neoforce Controls
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{60B87ADA-167E-4239-AD64-40992C8D220F}" = Adobe After Effects CS3 Third Party Content
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D372DFB-666E-FD3D-8B23-C116A8F5A643}" = Catalyst Control Center Graphics Full Existing
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{6E994B82-FE8B-2777-295A-4D6F4314E8DD}" = ccc-utility
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7162AC2C-733F-4127-ACAD-C5F0F27D123D}" = Adobe Creative Suite 3 Master Collection
"{729713E3-CFD5-4E9F-A301-5BD8EA25A28B}" = COMPUTERBILD-PC-Schnellstarter
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R)
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{93F8CD3C-438A-49D4-8BB9-B2CF70C3E250}" = My Expose
"{94984536-3F27-5800-E537-DA39F62784CB}" = HydraVision
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{99312C08-19A1-4B20-9F1D-3BCEED582278}" = Adobe Soundbooth CS3 Codecs
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}" = Adobe Setup
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2429601-32E2-4981-918E-0971CF24B1D5}" = Boris Continuum Complete 5
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}" = Adobe Premiere Pro CS3
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3D726D7-12FC-B85D-E6C9-54536827A01A}" = Catalyst Control Center Graphics Previews Vista
"{B613BCC6-D542-4A86-BC7B-205A6ADEA46F}" = Microsoft Live Labs Pivot
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools
"{C176CB21-4E7D-D56D-905B-F4A4CB1301AD}" = Catalyst Control Center Graphics Full New
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B1DC23-A171-45D3-A3CA-97E20290D124}" = JetBrains ReSharper 4.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3BD4C42-B54D-DD47-68EC-5DD1D6097E6F}" = CCC Help English
"{D428AB95-35B2-4868-B656-5C316E25EC69}" = Microsoft SQL Server 2008 Database Engine Services
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files 
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DA20D1D5-34A7-4CC6-A7B7-74C69864A357}" = Sandcastle
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DD0B06AD-5E55-41be-88E5-E9D13BAF06F4}" = Context Free
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF781E6F-BF29-4340-BEFB-09F7511B424D}" = Microsoft SQL Server 2008 Database Engine Services
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F20F8E93-3471-1808-AC39-7CE622FCBB4B}" = Catalyst Control Center InstallProxy
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}" = WISO Bewerbung 2008
"{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_8bb24e071e5922899698c2105557bd2" = Add or Remove Adobe Creative Suite 3 Master Collection
"AIMP2" = AIMP2
"AquaSoft PhotoKalender" = AquaSoft PhotoKalender
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BlackBerry MDS Studio Plugin Edition 2.0.0" = BlackBerry MDS Studio Plugin Edition 2.0.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Citavi" = Citavi 2.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"doxygen_is1" = doxygen 1.7.1
"Englisch für Dummies" = Englisch für Dummies
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"FerrariVR" = Ferrari Virtual Race (remove only)
"Freez FLV to AVI/MPEG/WMV Converter 1.5_is1" = Freez FLV to AVI/MPEG/WMV Converter
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HTML Help Workshop" = HTML Help Workshop
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"InterActual Player" = InterActual Player
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Firefox 4.0b6 (x86 de)" = Mozilla Firefox 4.0b6 (x86 de)
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"Pen Tablet Driver" = Stifttablett
"Pidgin" = Pidgin
"SciPlore MindMapping" = SciPlore MindMapping
"SopCast" = SopCast 3.2.9
"Splinter Cell - Conviction_is1" = Splinter Cell - Conviction
"TmNationsForever_is1" = TmNationsForever
"Trials 2 Second Edition_is1" = Trials 2 Second Edition v1.08
"TuneUp Utilities" = TuneUp Utilities
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Worms Armageddon" = Worms Armageddon
"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Google Translator" = Google Translator
"maComfort" = maComfort
"Sudoku-X" = Sudoku-X
"Unite Media Player" = Unite Media Player
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.12.2009 17:29:58 | Computer Name = XXX-PC | Source = MsiInstaller | ID = 11305
Description = 
 
Error - 01.12.2009 17:30:56 | Computer Name = XXX-PC | Source = VSS | ID = 8194
Description = 
 
Error - 01.12.2009 17:39:55 | Computer Name = XXX-PC | Source = VSS | ID = 8194
Description = 
 
Error - 01.12.2009 17:41:14 | Computer Name = XXX-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 02.12.2009 12:10:46 | Computer Name = XXX-PC | Source = Google Update | ID = 20
Description = 
 
Error - 05.12.2009 08:11:15 | Computer Name = XXX-PC | Source = Google Update | ID = 20
Description = 
 
Error - 06.12.2009 18:25:07 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Prince of Persia.exe, Version 1.0.0.0, Zeitstempel
 0x491b2932, fehlerhaftes Modul Prince of Persia.exe, Version 1.0.0.0, Zeitstempel
 0x491b2932, Ausnahmecode 0xc0000005, Fehleroffset 0x003d3ea7,  Prozess-ID 0x151c,
 Anwendungsstartzeit 01ca76bd52cb9290.
 
Error - 07.12.2009 17:51:25 | Computer Name = XXX-PC | Source = VSS | ID = 8194
Description = 
 
Error - 07.12.2009 17:57:54 | Computer Name = XXX-PC | Source = VSS | ID = 8194
Description = 
 
Error - 07.12.2009 17:59:42 | Computer Name = XXX-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 11.09.2010 12:50:36 | Computer Name = XXX-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 11.09.2010 um 18:47:57 unerwartet heruntergefahren.
 
Error - 11.09.2010 12:52:12 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.09.2010 06:31:37 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.09.2010 19:43:15 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 15.09.2010 14:39:56 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.09.2010 14:40:13 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.09.2010 14:40:59 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 15.09.2010 14:43:46 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 15.09.2010 15:50:18 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 15.09.2010 16:00:14 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---

Alt 17.09.2010, 13:10   #5
markusg
/// Malware-holic
 
sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) - Standard

sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.)



Lade
http://www.trojaner-board.de/54791-a...ner-board.html


Antwort

Themen zu sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.)
adobe, antivir guard, avg, avira, bho, browser, browser absturz, computer, defender, desktop, down, dropbox, einzelne nicht geladene internetseiten, excel, firefox, helper, hijack, hijackthis, internet, internet explorer, langsames system, mozilla, registry, rundll, runterfahren, sehr langsam, senden, software, studio, taskmanager, vista, visual studio, windows, wird in 1er min herunterfahren



Ähnliche Themen: sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.)


  1. nur ein PC hat sehr langsames Internet - per LAN
    Netzwerk und Hardware - 14.07.2015 (9)
  2. IT-Sicherheitskonferenz FIRST: Ohne Vertrauen geht nichts, aber das Vertrauen geht
    Nachrichten - 18.06.2015 (0)
  3. Google Chrome Einstellungen werden von einem anderen Programm manipuliert
    Log-Analyse und Auswertung - 29.04.2015 (11)
  4. Windows 7 / langsames System / Abstürze ohne Fehlermeldungen
    Log-Analyse und Auswertung - 08.03.2015 (19)
  5. Neues Lifebook ohne Treiber und Betriebssystem.
    Netzwerk und Hardware - 11.01.2015 (10)
  6. Laptop leeren ohne Update von Betriebssystem zu löschen
    Alles rund um Windows - 30.12.2014 (6)
  7. Sehr langsames Internet
    Plagegeister aller Art und deren Bekämpfung - 12.11.2014 (28)
  8. Weiterleitung zu einem anderen Anbieter
    Log-Analyse und Auswertung - 25.10.2014 (3)
  9. Browser bauen Websites sehr langsam auf. Das Internet ist aber ohne Probleme!
    Plagegeister aller Art und deren Bekämpfung - 03.05.2014 (13)
  10. PUP.BundleOffer.Downloader.S Laptop sehr träge und geht einfach aus - ohne Bluescreen
    Plagegeister aller Art und deren Bekämpfung - 07.01.2012 (7)
  11. Rechner läuft sehr langsam - HijackThis Log (Betriebssystem XP)
    Log-Analyse und Auswertung - 23.05.2011 (1)
  12. Internet von einem Tag auf den anderen extrem langsam
    Plagegeister aller Art und deren Bekämpfung - 03.02.2011 (7)
  13. Massig Trojaner auf einem anderen Benutzerkonto!...Wie kann ich sie bekämpfen?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2010 (1)
  14. PC geht dauernd aus, von einem Tag aufn anderen
    Netzwerk und Hardware - 28.06.2009 (1)
  15. Sehr langsames Internet.
    Log-Analyse und Auswertung - 05.03.2009 (3)
  16. Internet geht auf einem PC nicht mehr, Laptop (am gleichen Router angeschlossen) geht
    Plagegeister aller Art und deren Bekämpfung - 04.12.2007 (0)
  17. Browser oder Betriebssystem
    Netzwerk und Hardware - 28.03.2006 (4)

Zum Thema sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) - Hallo, hab jetzt mal ein paar stunden versucht was zu finden wo meine Probleme auftretten, bisher ohne erfolg. das ist von einem tag auf den anderen Passiert: * Unheimlich langsames - sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.)...
Archiv
Du betrachtest: sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.