|
Log-Analyse und Auswertung: sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.09.2010, 23:39 | #1 |
| sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) Hallo, hab jetzt mal ein paar stunden versucht was zu finden wo meine Probleme auftretten, bisher ohne erfolg. das ist von einem tag auf den anderen Passiert: * Unheimlich langsames Betriebssystem (Vista prof. 32bit) * Die Browser gehen zum Teil (Bis auf Firefox beta) garnicht mehr. bleibt nur weiss, bei zu vielen clicks --> absturz * selbst der firefox beta stürzt alle paar stunden ab (ist darüberhinaus sehr langsam) Zeigt einzelne Seiten garnicht mehr an... (bild.de als bsp) * alle paar stunden popt eine systemmeldung hoch mit: Der computer wird in 1 minute heruntergeladen (hab mir ne batch datei erstellt mit shutdown -a).. aber wenn ich genau in diesem augenblick nicht hinsehe.. pech. Trotzdem laufen gewisse Applikationen (Spiele/ HD Filme) ohne zu ruckeln... Antivir & Co. haben bisher nichts gebracht, lediglich TuneUp hat viele registry probleme entdeckt, aber alle behoben.. trotzdem langsam... Bin gerade etwas ratlos... Wäre sehr dankbar für tipps!! Ach ja im Taskmanager gibt es keine auffällige Datei die massig ressourcen frisst... ???? Hab jetzt mal ein Log dazu: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:15:26, on 17.09.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Program Files\WTouch\WTouchUser.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\WTablet\Pen_TabletUser.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\explorer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox 4.0 Beta 5\firefox.exe C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugin-container.exe C:\Windows\system32\Taskmgr.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Deutsch\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Deutsch\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Begdi] C:\Users\***\AppData\Roaming\Adobe\Update\dlgget.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729)" -"h**p://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1280993005659" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Deutsch\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\Deutsch\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Deutsch\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Deutsch\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Deutsch\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Deutsch\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 9677 bytes beste grüße & vielen dank |
17.09.2010, 09:45 | #2 |
/// Malware-holic | sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) was soll tuneup da auch nützen :-) zumal tuneup für mich sowieso ein komplett sinnloses programm ist, welches den pc langsam macht und tief ins system eingreift.
__________________ich habs aber schon gesehen denke ich :-) ootl: Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt poste beide. |
17.09.2010, 12:17 | #3 |
| sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) Vielen dank für die schnelle Antwort:
__________________Hier die OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 17.09.2010 12:19:54 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\XXX\Downloads Windows Vista Business Edition N Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 698,63 Gb Total Space | 219,90 Gb Free Space | 31,48% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 1397,26 Gb Total Space | 996,65 Gb Free Space | 71,33% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX-PC Current User Name: XXX Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox 4.0 Beta 5\firefox.exe (Mozilla Corporation) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.) PRC - C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe () PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\WTouch\WTouchUser.exe (Wacom Technology, Corp.) PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\NetPanther Tech\Shutdown Timer 1.1.2.2\Shutdown Timer.exe (NetPanther Tech) PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (TortoiseSVN | The coolest Interface to (Sub)Version Control) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) PRC - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) PRC - C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe () PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe File not found SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe File not found SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe File not found SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe File not found SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Deutsch\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (WTouchService) -- C:\Programme\WTouch\WTouchService.exe (Wacom Technology, Corp.) SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (MSSQLServerADHelper100) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.) SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (VBoxNetFlt) -- C:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (Lbd) -- C:\Windows\System32\DRIVERS\Lbd.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (GPU-Z) -- C:\Users\XXX\AppData\Local\Temp\GPU-Z.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (VSPerfDrv100) -- C:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG) DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG) DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG) DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys () DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron ) DRV - ({09BB444F-B2E2-4009-BAF2-7B727681223E}) -- C:\Se\VMLaunch\BuddyVM.sys (Interlex Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Live Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.29 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.4 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..extensions.enabledItems: StrataBuddy@ReduxTeam:0.6.2 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9 FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2 FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..network.proxy.backup.ftp: "221.130.13.204" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.gopher: "221.130.13.204" FF - prefs.js..network.proxy.backup.gopher_port: 80 FF - prefs.js..network.proxy.backup.socks: "221.130.13.204" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "221.130.13.204" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "218.25.174.28" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "218.25.174.28" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: "218.25.174.28" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "218.25.174.28" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "218.25.174.28" FF - prefs.js..network.proxy.ssl_port: 80 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.30 20:58:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.03 14:50:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 5\components [2010.09.16 15:31:45 | 000,000,000 | ---D | M] [2008.07.16 13:18:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2010.09.16 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions [2010.07.08 21:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.09.15 02:14:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.07.31 20:46:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.21 22:03:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.09.09 12:00:14 | 000,000,000 | ---D | M] (Download Sort) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F} [2010.04.17 18:55:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\firegestures@xuldev.org [2010.09.10 00:25:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\foxyproxy@eric.h.jung [2010.07.08 20:59:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\Strata40@SpewBoy.au [2010.07.08 21:00:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\StrataBuddy@ReduxTeam [2010.07.08 20:59:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\y716wsf7.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions [2009.02.19 18:07:22 | 000,001,632 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\FireFox\Profiles\y716wsf7.default\searchplugins\live-search.xml [2010.09.03 22:25:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.18 21:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.06.28 22:02:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.28 22:02:01 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.28 22:02:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.28 22:02:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.28 22:02:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Deutsch\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Deutsch\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000..\Run: [Begdi] C:\Users\XXX\AppData\Roaming\Adobe\Update\dlgget.exe () O4 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\5.0 ( File not found O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Deutsch\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Deutsch\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Deutsch\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Deutsch\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Deutsch\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Deutsch\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Deutsch\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.03.07 05:07:41 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{603af4c2-5322-11dd-8086-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{603af4c2-5322-11dd-8086-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe -- File not found O33 - MountPoints2\{a077ce3c-a3ae-11de-a683-001c4af9480e}\Shell - "" = AutoRun O33 - MountPoints2\{a077ce3c-a3ae-11de-a683-001c4af9480e}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found O33 - MountPoints2\{a70919ea-584d-11dd-94f7-001e8c3278de}\Shell - "" = AutoRun O33 - MountPoints2\{a70919ea-584d-11dd-94f7-001e8c3278de}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found O33 - MountPoints2\{e1bd404b-6343-11de-abd6-001c4af9480e}\Shell - "" = AutoRun O33 - MountPoints2\{e1bd404b-6343-11de-abd6-001c4af9480e}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^My Exposé.lnk - C:\Windows\Installer\{93F8CD3C-438A-49D4-8BB9-B2CF70C3E250}\_F3FEA0E5229C018837C40F.exe - () MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.) MsConfig - StartUpFolder: C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BILD.lnk - C:\PROGRA~1\BILD~1.DED\BILDDE~1.EXE - File not found MsConfig - StartUpFolder: C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Bewerbung-Reminder.lnk - C:\Programme\Buhl\Bewerbung 2008\KCReminder.exe - () MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig - StartUpReg: AeroSnap - hkey= - key= - C:\Programme\AeroSnap\AeroSnap.exe () MsConfig - StartUpReg: Ai Nap - hkey= - key= - C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe () MsConfig - StartUpReg: Ai Remote Help - hkey= - key= - C:\Program Files\ASUS\AI Remote\AiRc.exe File not found MsConfig - StartUpReg: AsusServiceProvider - hkey= - key= - C:\Programme\ASUS\AASP\1.00.23\aaCenter.exe () MsConfig - StartUpReg: AsusStartupHelp - hkey= - key= - C:\Programme\ASUS\AASP\1.00.23\AsRunHelp.exe () MsConfig - StartUpReg: AutoShutdownManager - hkey= - key= - C:\Program Files\AutoShutdownManager\AutoShutdownManager.exe File not found MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Deutsch\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig - StartUpReg: Begdi - hkey= - key= - C:\Users\XXX\AppData\Roaming\Adobe\Update\dlgget.exe () MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe File not found MsConfig - StartUpReg: Helper - hkey= - key= - C:\Users\XXX\AppData\Roaming\Helper\bin\liveu.exe File not found MsConfig - StartUpReg: InCD - hkey= - key= - C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\JM\JMInsIDE.exe () MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RocketDock - hkey= - key= - C:\Program Files\RocketDock\RocketDock.exe File not found MsConfig - StartUpReg: SecurDisc - hkey= - key= - C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) MsConfig - StartUpReg: Speed Launch - hkey= - key= - C:\Program Files\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe (Microsoft) MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.09.17 00:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.09.15 20:16:50 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.10 00:11:01 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 5 [2010.09.09 20:06:20 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.09.09 20:06:13 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.09.09 20:06:13 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.09.09 20:05:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\TuneUp Software [2010.09.09 20:05:33 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010 [2010.09.09 20:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2010.09.09 20:03:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.09.07 19:54:56 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Google Translator [2010.09.07 16:40:06 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Unite Media Player [2010.09.07 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Sudoku-X [2010.09.06 21:13:01 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Helper [2010.09.03 19:32:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\test3 [2010.09.03 00:44:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2010.09.03 00:44:35 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2010.09.03 00:44:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2010.09.03 00:44:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2010.09.03 00:44:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2010.09.03 00:44:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2010.09.03 00:44:33 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2010.09.03 00:44:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2010.09.03 00:44:33 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2010.09.03 00:44:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2010.09.03 00:44:33 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2010.09.03 00:44:28 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2010.09.03 00:44:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2010.09.03 00:44:28 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2010.09.03 00:44:28 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2010.09.03 00:44:28 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2010.09.02 18:28:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Dave_Sexton [2010.09.02 00:37:45 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\test [2010.09.02 00:33:45 | 000,000,000 | ---D | C] -- C:\Programme\doxygen [2010.09.02 00:23:28 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\IsolatedStorage [2010.09.02 00:11:55 | 000,000,000 | ---D | C] -- C:\Programme\Sandcastle [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.17 12:20:45 | 009,699,328 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT [2010.09.17 12:16:24 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4011727208-2204512221-339002600-1000UA.job [2010.09.17 12:16:10 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.17 12:16:10 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.17 12:16:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.17 03:03:18 | 001,595,776 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2 [2010.09.17 01:31:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4011727208-2204512221-339002600-1000Core.job [2010.09.17 00:13:20 | 000,002,521 | ---- | M] () -- C:\Users\XXX\Desktop\HiJackThis.lnk [2010.09.16 15:11:09 | 000,100,158 | ---- | M] () -- C:\Users\XXX\Desktop\musik_next.png [2010.09.16 15:10:47 | 000,100,172 | ---- | M] () -- C:\Users\XXX\Desktop\musik_play.png [2010.09.16 15:10:32 | 000,105,437 | ---- | M] () -- C:\Users\XXX\Desktop\musik_back.png [2010.09.16 15:10:08 | 000,131,347 | ---- | M] () -- C:\Users\XXX\Desktop\musik_1.png [2010.09.15 21:49:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.15 21:48:42 | 3153,125,376 | -HS- | M] () -- C:\hiberfil.sys [2010.09.15 21:47:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.09.15 21:45:05 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TMContainer00000000000000000001.regtrans-ms [2010.09.15 21:45:05 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TM.blf [2010.09.15 21:41:02 | 003,345,387 | -H-- | M] () -- C:\Users\XXX\AppData\Local\IconCache.db [2010.09.14 12:28:17 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TMContainer00000000000000000002.regtrans-ms [2010.09.13 02:56:55 | 000,012,288 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.11 18:51:23 | 001,778,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.10 00:12:41 | 001,894,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.10 00:12:41 | 000,790,042 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.10 00:12:41 | 000,750,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.10 00:12:41 | 000,189,386 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.10 00:12:41 | 000,163,768 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.10 00:12:02 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk [2010.09.10 00:04:28 | 000,128,096 | ---- | M] () -- C:\Users\XXX\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.09 22:10:43 | 000,000,079 | ---- | M] () -- C:\Windows\Wininit.INI [2010.09.09 21:40:46 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{0d9f80ed-6a70-11db-ade8-c54a08498d8c}.TMContainer00000000000000000001.regtrans-ms [2010.09.09 21:40:46 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{0d9f80ed-6a70-11db-ade8-c54a08498d8c}.TM.blf [2010.09.09 20:05:54 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk [2010.09.09 20:05:54 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.09.07 10:20:00 | 000,001,356 | ---- | M] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat [2010.09.06 21:15:56 | 000,002,675 | ---- | M] () -- C:\Users\XXX\Desktop\Microsoft PowerPoint 2010.lnk [2010.09.03 20:03:56 | 007,260,599 | ---- | M] () -- C:\Users\XXX\Desktop\Thesis_twoside_grau.pdf [2010.09.02 00:42:02 | 000,127,927 | ---- | M] () -- C:\Users\XXX\Desktop\Demolisher_ Demolisher.Buil...pdf [2010.09.02 00:17:34 | 000,004,540 | ---- | M] () -- C:\Windows\flash.fpr [2010.09.02 00:08:22 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010.09.01 17:40:47 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.08.30 21:59:54 | 000,000,011 | ---- | M] () -- C:\Users\XXX\Desktop\shutdown beenden.bat [2010.08.24 16:11:43 | 000,002,009 | ---- | M] () -- C:\Users\XXX\Documents\vlc-record-2010-08-24-16h11m41s-[Ne0]-Batman Begins (2005) [400MB][HDRIP].mkv-.mp4 [2010.08.24 02:04:54 | 005,477,397 | ---- | M] () -- C:\Users\XXX\Desktop\Menu.pptx [2010.08.23 14:36:40 | 000,016,757 | ---- | M] () -- C:\Users\XXX\Documents\kindergeld 2009.docx [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.17 00:11:13 | 000,002,521 | ---- | C] () -- C:\Users\XXX\Desktop\HiJackThis.lnk [2010.09.16 15:11:05 | 000,100,158 | ---- | C] () -- C:\Users\XXX\Desktop\musik_next.png [2010.09.16 15:10:43 | 000,100,172 | ---- | C] () -- C:\Users\XXX\Desktop\musik_play.png [2010.09.16 15:10:27 | 000,105,437 | ---- | C] () -- C:\Users\XXX\Desktop\musik_back.png [2010.09.16 15:10:00 | 000,131,347 | ---- | C] () -- C:\Users\XXX\Desktop\musik_1.png [2010.09.11 18:50:51 | 000,524,288 | -HS- | C] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 18:50:51 | 000,524,288 | -HS- | C] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 18:50:51 | 000,065,536 | -HS- | C] () -- C:\Users\XXX\NTUSER.DAT{793d5d44-bdc4-11df-8b18-005056c00008}.TM.blf [2010.09.10 00:12:00 | 000,001,928 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk [2010.09.09 22:10:43 | 000,000,079 | ---- | C] () -- C:\Windows\Wininit.INI [2010.09.09 20:05:54 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk [2010.09.09 20:05:54 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.09.03 20:03:56 | 007,260,599 | ---- | C] () -- C:\Users\XXX\Desktop\Thesis_twoside_grau.pdf [2010.09.03 00:44:30 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2010.09.03 00:44:30 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2010.09.03 00:44:30 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.09.02 00:42:02 | 000,127,927 | ---- | C] () -- C:\Users\XXX\Desktop\Demolisher_ Demolisher.Buil...pdf [2010.09.02 00:17:34 | 000,004,540 | ---- | C] () -- C:\Windows\flash.fpr [2010.09.02 00:08:22 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.08.30 21:59:31 | 000,000,011 | ---- | C] () -- C:\Users\XXX\Desktop\shutdown beenden.bat [2010.08.29 00:07:51 | 000,000,801 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Rim.Desktop.HttpServerSetup.log [2010.08.24 16:11:43 | 000,002,009 | ---- | C] () -- C:\Users\XXX\Documents\vlc-record-2010-08-24-16h11m41s-[Ne0]-Batman Begins (2005) [400MB][HDRIP].mkv-.mp4 [2010.08.23 14:36:38 | 000,016,757 | ---- | C] () -- C:\Users\XXX\Documents\kindergeld 2009.docx [2010.07.07 02:46:13 | 000,000,240 | ---- | C] () -- C:\Windows\apdfpr.ini [2010.04.05 22:46:45 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2010.04.05 22:46:45 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2010.04.05 22:46:45 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2010.04.05 22:44:30 | 000,024,576 | ---- | C] () -- C:\Windows\System32\GUITOOLS.DLL [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.02.11 01:27:33 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll [2010.02.03 05:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2009.11.11 16:14:00 | 001,595,776 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2 [2009.10.18 11:48:21 | 000,000,840 | -H-- | C] () -- C:\Users\XXX\AppData\Roaming\vispa.ini [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.06.05 12:54:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.16 01:02:05 | 000,000,451 | ---- | C] () -- C:\Windows\WISO.INI [2009.02.21 13:45:23 | 003,086,336 | ---- | C] () -- C:\Windows\System32\NCMedia.dll [2009.02.21 13:45:23 | 003,086,336 | ---- | C] () -- C:\Windows\System32\flvvideo.dll [2009.02.21 13:45:23 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll [2008.12.24 11:38:38 | 000,144,384 | ---- | C] () -- C:\Windows\System32\miccyhook.dll [2008.11.15 13:14:15 | 000,154,224 | ---- | C] () -- C:\Users\XXX\AppData\Local\debuggee.mdmp [2008.09.11 14:07:24 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2008.09.11 14:06:48 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.09.06 17:22:42 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2008.08.24 13:55:42 | 007,034,368 | ---- | C] () -- C:\Windows\System32\BCC5 Render Engine 8BPC.dll [2008.08.15 17:00:28 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI [2008.07.16 19:14:22 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.07.16 19:14:21 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.07.16 16:48:23 | 000,022,328 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\PnkBstrK.sys [2008.07.16 15:50:24 | 000,012,288 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.16 15:22:36 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2008.07.16 15:02:13 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.07.16 12:58:01 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2008.07.16 12:58:01 | 000,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2008.07.16 12:54:31 | 000,024,294 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.07.16 12:54:27 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2008.07.16 12:54:15 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2008.07.16 12:46:44 | 000,001,356 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat [2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2010.04.26 14:27:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\.purple [2010.05.23 20:26:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Academic Software Zurich [2009.02.11 00:21:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Activision [2009.08.17 20:24:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AeroSnapApp [2010.09.17 00:11:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AIMP [2010.03.01 14:26:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AquaSoft [2010.06.04 01:02:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Autodesk [2009.05.16 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service [2009.05.16 01:07:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service GmbH [2009.04.10 09:38:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Bump Technologies, Inc [2009.07.13 16:05:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CoSoSys [2009.06.27 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools [2009.06.27 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite [2009.05.19 13:15:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DataDesign [2010.04.28 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\de.bild.desktop.A50E06F86BD8101EC58D2EAE22BF0ECEFF3314ED.1 [2010.09.16 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox [2009.10.29 23:26:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\gtk-2.0 [2008.11.08 00:21:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\JetBrains [2008.11.05 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech [2009.09.13 16:01:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Lost Marble [2010.05.28 16:45:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OgmoEditor.85BDBC80EE4F35100BB93248B138F1E7B6970617.1 [2010.09.07 19:54:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera [2009.10.20 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Red Alert 3 [2010.06.15 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Research In Motion [2010.03.15 01:02:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Soldat [2010.05.24 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Splinter Cell - Conviction [2008.11.07 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Subversion [2010.05.24 12:48:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thinstall [2010.09.09 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TuneUp Software [2009.08.07 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ubisoft [2009.02.23 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Windows Live Writer [2010.02.21 03:22:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WTouch [2010.09.15 21:47:07 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.04.26 14:27:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\.purple [2010.05.23 20:26:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Academic Software Zurich [2009.02.11 00:21:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Activision [2010.08.28 16:07:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe [2009.08.17 20:24:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AeroSnapApp [2008.07.21 17:42:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ahead [2010.09.17 00:11:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AIMP [2010.06.17 18:32:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Apple Computer [2010.03.01 14:26:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AquaSoft [2008.07.16 13:11:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ATI [2010.06.04 01:02:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Autodesk [2009.05.16 01:07:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service [2009.05.16 01:07:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service GmbH [2009.04.10 09:38:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Bump Technologies, Inc [2009.07.13 16:05:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CoSoSys [2009.06.27 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools [2009.06.27 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite [2009.05.19 13:15:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DataDesign [2010.04.28 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\de.bild.desktop.A50E06F86BD8101EC58D2EAE22BF0ECEFF3314ED.1 [2010.06.17 15:46:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DivX [2010.09.16 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox [2010.08.05 23:09:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\dvdcss [2009.10.29 23:26:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\gtk-2.0 [2010.09.06 21:13:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Helper [2008.07.16 12:47:15 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Identities [2008.07.16 12:55:02 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\InstallShield [2008.11.08 00:21:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\JetBrains [2008.11.05 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech [2008.11.05 17:03:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Logitech [2009.09.13 16:01:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Lost Marble [2008.07.23 02:58:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Macromedia [2010.08.15 12:04:38 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Microsoft [2008.07.16 13:18:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla [2010.05.28 16:45:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OgmoEditor.85BDBC80EE4F35100BB93248B138F1E7B6970617.1 [2010.09.07 19:54:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera [2009.10.20 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Red Alert 3 [2010.06.15 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Research In Motion [2009.06.27 20:02:02 | 000,000,000 | RH-D | M] -- C:\Users\XXX\AppData\Roaming\SecuROM [2010.03.15 01:02:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Soldat [2010.05.24 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Splinter Cell - Conviction [2008.11.07 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Subversion [2008.07.24 15:11:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sun [2010.05.24 12:48:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thinstall [2008.11.15 12:58:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TortoiseSVN [2010.09.09 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TuneUp Software [2009.08.07 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ubisoft [2010.09.17 12:18:32 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\vlc [2010.02.20 02:42:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\VMware [2009.02.23 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Windows Live Writer [2010.05.27 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WinRAR [2010.09.15 21:51:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WTablet [2010.02.21 03:22:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WTouch < %APPDATA%\*.exe /s > [2010.09.17 12:16:34 | 000,286,208 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Adobe\Update\dlgget.exe [2010.02.26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010.02.26 10:54:59 | 000,091,696 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Dropbox\bin\Uninstall.exe [2009.09.03 11:27:54 | 014,623,184 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Dropbox\cache\Dropbox-update-0.6.556.exe [2010.02.26 10:54:53 | 013,264,416 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Dropbox\cache\Dropbox-update-0.7.110.exe [2010.04.28 13:31:19 | 000,038,784 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2008.11.04 23:13:22 | 001,887,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\XXX\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2010.04.13 00:54:09 | 000,022,382 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{09710638-E0CD-4D60-92D3-CCC0080FB898}\SpeedLaunchShortcutIcon.exe [2008.11.05 17:03:31 | 000,010,134 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2010.09.17 00:11:13 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_0210F596990CC0F8467B7D.exe [2010.03.10 14:32:19 | 000,076,726 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_1C9762A6E36D683B979E96.exe [2010.03.10 14:32:19 | 000,010,134 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_2E97BF7FEB4C1EC32DA78C.exe [2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_2EFAB9F502AD21D177F2C9.exe [2010.03.10 14:32:19 | 000,078,555 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_34BF9608B95534C9DAF2CF.exe [2010.03.10 14:32:19 | 000,076,726 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_54F53FC549B7DD6EF05122.exe [2010.03.10 14:32:18 | 000,076,726 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_5ABA7F457238E3583E94C0.exe [2010.03.10 14:32:18 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_6FEFF9B68218417F98F549.exe [2010.03.10 14:32:19 | 000,078,555 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_9ED7215EF0AADF263FBFAC.exe [2010.03.10 14:32:19 | 000,076,726 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_9EEFE047281CD42A674D6C.exe [2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_B21DC0C9A66A9D359D1702.exe [2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_BDA9D139831B87395CEFE5.exe [2010.03.10 14:32:19 | 000,097,527 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_C08B8990FBA7DC1E28475E.exe [2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_C3306E791AAE11EADC1DA3.exe [2010.03.10 14:32:19 | 000,017,542 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_F782E19AF691D69A4E38F5.exe [2010.03.10 14:32:19 | 000,076,726 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{5D7C0D74-9E6B-4734-B087-38740640088A}\_F79A71886B92E08B36509D.exe [2010.06.25 16:02:15 | 000,029,926 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{729713E3-CFD5-4E9F-A301-5BD8EA25A28B}\_853F67D554F05449430E7E.exe [2008.07.16 13:05:45 | 000,009,158 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe [2009.05.16 01:02:14 | 000,000,766 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\ARPPRODUCTICON.exe [2009.05.16 01:02:14 | 000,102,400 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut10_B4FF87E14FE14F1F88FCF45D507E4C85.exe [2009.05.16 01:02:14 | 000,102,400 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut11_B4FF87E14FE14F1F88FCF45D507E4C85.exe [2009.05.16 01:02:14 | 000,131,072 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut12_B4FF87E14FE14F1F88FCF45D507E4C85.exe [2009.05.16 01:02:14 | 000,000,766 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut6_E1E4F3CEA34E46678DE9147249FAE468.exe [2009.05.16 01:02:14 | 000,069,632 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut7_B4FF87E14FE14F1F88FCF45D507E4C85.exe [2009.05.16 01:02:14 | 000,131,072 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{D8D22773-14BF-4178-A683-3DBA515C2A26}\NewShortcut9_B4FF87E14FE14F1F88FCF45D507E4C85.exe [2010.02.28 20:16:41 | 000,010,134 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{F20F8E93-3471-1808-AC39-7CE622FCBB4B}\ARPPRODUCTICON.exe [2010.07.13 09:35:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\ARPPRODUCTICON.exe [2010.07.13 09:35:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut1_FE2607FACB3C4E0CA7E2797ED759975C.exe [2010.07.13 09:35:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut2_FE2607FACB3C4E0CA7E2797ED759975C.exe [2010.07.13 09:35:44 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut4_FE2607FACB3C4E0CA7E2797ED759975C.exe [2010.07.13 09:35:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut6_FE2607FACB3C4E0CA7E2797ED759975C.exe [2010.07.13 09:35:44 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut7_9F3B26B4AC704A0D8B881AC73195456F.exe [2010.07.13 09:35:44 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}\NewShortcut9_9F3B26B4AC704A0D8B881AC73195456F.exe [2010.09.09 00:16:13 | 000,188,152 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\y716wsf7.default\FlashGot.exe [2010.08.03 21:38:38 | 000,400,728 | ---- | M] (Research In Motion Limited) -- C:\Users\XXX\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\BBDesktopInstaller.exe [2010.08.03 21:38:38 | 002,959,376 | ---- | M] (Microsoft Corporation) -- C:\Users\XXX\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\dotnetfx35setup.exe [2010.08.29 00:05:58 | 102,135,128 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Extractor.exe [2010.08.03 21:38:38 | 000,128,472 | ---- | M] (Macrovision Corporation) -- C:\Users\XXX\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Helper.exe [2010.08.03 21:38:40 | 001,821,192 | ---- | M] (Microsoft Corporation) -- C:\Users\XXX\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\vcredist_x86.exe [2010.05.24 16:18:13 | 000,923,424 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Splinter Cell - Conviction\Uninstall\unins000.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2010.06.24 22:28:24 | 681,867,016 | ---- | M] (Microsoft Corporation) -- C:\Office 2010 Proffessional Plus Morgan Stanley .exe [2010.07.31 20:49:10 | 466,607,696 | ---- | M] (Microsoft Corporation) -- C:\Office Language Pack German - Paid via Credit Card.exe < MD5 for: AGP440.SYS > [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.07.16 14:00:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.07.16 14:00:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.07.16 14:00:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.07.16 14:27:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2008.07.16 14:27:20 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.06.11 23:08:49 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.02.03 06:17:56 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll [2008.01.18 23:34:22 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll [2008.01.18 23:35:16 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll [2009.04.10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:81405BF2 < End of report > |
17.09.2010, 12:21 | #4 |
| sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) EXTRAS.TXTOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.09.2010 12:19:54 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\XXX\Downloads Windows Vista Business Edition N Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 698,63 Gb Total Space | 219,90 Gb Free Space | 31,48% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 1397,26 Gb Total Space | 996,65 Gb Free Space | 71,33% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX-PC Current User Name: XXX Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Deutsch\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Deutsch\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02BBFFD0-3BE4-48A3-ABE0-379BCC56A008}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{10628F55-0DC1-40A2-A67D-843A65285D1A}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | "{11E915CB-E153-400A-BBF9-930EE374A85B}" = lport=139 | protocol=6 | dir=in | app=system | "{1AA3608C-DF02-400A-B352-59CBC4C3B991}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\deutsch\microsoft office\office14\outlook.exe | "{1C465998-5625-40E5-B2BB-5DB29F7AE015}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{262440CE-6014-4534-BFB4-FBDEF8BC7865}" = rport=139 | protocol=6 | dir=out | app=system | "{32D827FA-21CC-4245-9DF8-467F44F8C783}" = rport=137 | protocol=17 | dir=out | app=system | "{43364628-78AA-4A65-A576-BBB54E037FF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5BE8DAC7-0387-4D2B-B94E-EE564A5F98BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6A58D24D-B18F-442E-BC29-F6B3C178C89F}" = rport=445 | protocol=6 | dir=out | app=system | "{6CF2EC6E-2901-4E53-90DF-37D415D8DC3A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | "{77497730-8898-4ECE-A643-9F10813FDAD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B0B05B0-0D82-48AB-AF09-419821434841}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | "{97B26694-30D0-47E1-95B6-AACC6B3F0B82}" = rport=10243 | protocol=6 | dir=out | app=system | "{9B0B7493-F31F-4573-A196-8738C14E9A4C}" = lport=137 | protocol=17 | dir=in | app=system | "{CE4D48AE-52A8-4436-9B4C-288FD31081A0}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | "{D5D8ADB6-168F-4AB2-9177-AEF934509F83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D70ED734-D3DE-42B3-A446-D5F065CF550D}" = lport=2869 | protocol=6 | dir=in | app=system | "{E9366EB7-6BF2-40BA-B47C-8E7632A2E270}" = rport=138 | protocol=17 | dir=out | app=system | "{EAEBF600-B3C7-43BC-AAB6-099510BF9AAD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ECED79CA-C1E0-42E9-A04F-946C0D85A566}" = lport=138 | protocol=17 | dir=in | app=system | "{EF879830-B17D-4CFF-B51C-A6A64979015B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F0A95DCB-7452-4D6D-A6D9-5D0A03B5DCFA}" = lport=10243 | protocol=6 | dir=in | app=system | "{FD7DB5E3-5A3E-4C21-A6AC-01C4015ACCAC}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0138B42B-6787-457A-A8C4-BE5F882D09C9}" = protocol=6 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx9.exe | "{01E3E68A-47CB-4640-914B-1ADC23BFE55A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{03F28BD7-C006-4094-BF2F-6183FE2812EE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0B9CCE50-CB91-420C-B027-C54084A08AB6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{0E3F259C-64AE-4119-AD75-DDFA5FEB5FD2}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | "{11CE9606-C5D4-4604-964B-9138218BB4AE}" = protocol=6 | dir=out | app=system | "{14C323A8-992B-43B1-B4DF-B66244660806}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{1866852B-3E6E-4A8C-A3EC-B375F385260D}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | "{1A3BFF76-44F9-4E41-B8F5-9DCCC7454C77}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{1AE2BF45-F2C8-43B1-9FE9-BC60884353E5}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v3.1\bin\xnaliveproxy.exe | "{1B15C9BC-A5BC-4C94-9603-AF3014A61944}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe | "{2AD84A11-CD82-433A-993B-589A80900A2E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{31D5D609-0314-4317-9061-FEC80D091FE1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{3870D421-0B39-438B-BFC2-5A1651E4DA01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3B05FB09-1BA1-4D54-96DF-B5948983EDC8}" = dir=in | app=c:\program files\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe | "{50D3FC7B-C678-4B4C-BE5E-D1794A7B452D}" = protocol=17 | dir=in | app=c:\program files\deutsch\microsoft office\office14\onenote.exe | "{51E1D90E-5F1F-46A2-A74E-3B8306C4ED47}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{5370992F-AB94-470E-8860-E1F530EEA9B7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{5411FAE7-F73E-4148-A6F3-94C965BD0ACD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{544672DD-86E1-482F-96FA-8C92780E8504}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{54AA24E6-7647-49B8-B0EC-E48983C27D8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{564D530A-A34D-44D4-9F42-9E9D4091695D}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{66F8A5B2-FBED-42B1-9EBF-FFCF5AFFB464}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{68F1BE0F-BBA2-485D-B5E0-FF0FD8C9ABB9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6AA84C3B-D27A-4BD2-A660-939FD61C084C}" = protocol=6 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx10.exe | "{6B88C9E5-FABD-4E59-BA90-6A724A2FEFD9}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{6E73ED82-C171-4DBC-AE8C-EAD62DAE5B6B}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{729E4167-E688-419C-B150-E18385C9C394}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{75F1DB2B-7BAA-4F4C-966E-D778E4E67206}" = protocol=6 | dir=in | app=c:\program files\deutsch\microsoft office\office14\groove.exe | "{775E3EEF-A6CD-46B5-89DD-141F9F984112}" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt2 demo\dirt2.exe | "{85351BAD-B81F-43B3-AFD2-360283D5C20F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{863643DE-DF32-4071-B101-E0479600DB2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{8697A40B-0DEF-4C8B-A159-DC36D2EF651A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe | "{88343888-FDE5-4197-ADCF-A3EEB1A78F04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B9EE1C4-233D-4966-910C-3C6DFE3E051C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8DA9216D-13DC-41B8-A53E-50BEE22E9EF2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8DF12103-30CC-4DE4-822C-BABF90883356}" = protocol=17 | dir=in | app=c:\program files\activision\x-men origins - wolverine(tm)\binaries\wolverine.exe | "{8E173918-A8D5-446D-BBAF-44AB2BB62812}" = protocol=17 | dir=in | app=c:\program files\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | "{94BBA058-D507-407C-9A02-CF154F57689F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{95F7B9C0-C320-4CD3-8288-3F64DCC93F28}" = protocol=6 | dir=in | app=c:\program files\activision\x-men origins - wolverine(tm)\binaries\wolverine.exe | "{96C4D8F3-3475-4231-91D2-CF6913C71546}" = protocol=6 | dir=in | app=c:\program files\deutsch\microsoft office\office14\onenote.exe | "{9891D1FD-DAA9-4624-BBF4-003859F3E25C}" = protocol=17 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx9.exe | "{9AB07861-B510-42E0-A791-CBF22C135747}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{A19324AB-5CFB-4D1B-954D-10D289BB4889}" = protocol=6 | dir=in | app=c:\program files\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe | "{A1D6145A-64EF-4795-B800-0590B1627E24}" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt2 demo\dirt2.exe | "{AAE6CDB0-B8E3-4CEE-B4CF-23D3C52B63FA}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | "{B3D31B10-983A-4D1F-92E2-971A2C9BBA1E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BAB8E59B-27DC-4B4B-BD85-79AADA48241C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{BD1E4613-8E4E-4F2B-8F9B-80ABE1304316}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{BE90B789-DC2E-4CF0-B8E5-E589E2ADD839}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BFBA6019-29BE-4CBD-8C8E-27DB7833F628}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{C052297A-7E2D-4C15-AA97-03EA02A773CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C568CEE7-A700-4084-B487-838D167AE06C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | "{C7CA7F33-0623-4208-B69A-C218F9165E99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C86DAD98-B8D2-4423-81CE-B233451EAF65}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{D0842EF9-BF0E-4609-9A14-33C59044AB15}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\princeofpersia_launcher.exe | "{D31F5D6A-0973-48EA-B10D-17B0C2D1B9D5}" = protocol=17 | dir=in | app=c:\program files\deutsch\microsoft office\office14\groove.exe | "{D465271A-E4FE-4AE8-80AA-BDC0DC5C69CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D7B63FA5-290C-4155-B45C-F54D1B9DA533}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D880A591-08E3-4D15-ABF1-59CD0127D7EC}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{DEF0E6BB-0533-4D2F-88C2-E25F508EA3BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DF118333-72F2-4A80-8E14-740C97B8DEAB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{DF502116-0DDC-418C-95E4-0A631C347985}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{E35D8FD0-B689-4D04-BF75-91628CD50F8F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{E5255AE1-65BC-42D3-A109-D59052B1D539}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E9BA71F2-B9C4-48DF-A938-DB6481E5DAF5}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{EADE46AB-57C6-4451-87AB-C495F1149130}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{EC6806D6-08BE-48BC-8C7F-45C75DDB9386}" = protocol=17 | dir=in | app=c:\program files\ubisoft\prince of persia\prince of persia.exe | "{ED2374A5-72C7-4C91-B5C8-817BD928E6E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EDC7EDBB-0D56-4B0C-8000-6C731493ABFA}" = protocol=17 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx10.exe | "{F325B8DD-C9C8-4D6B-8F34-4BA2724670FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{082B863C-4F38-42AB-8AA6-3C34CD3A5D11}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{08966EF8-1B31-4F2C-A4D0-2A1181BEBF24}C:\gp409_rc4_2009\gp409_rc4\gp4.exe" = protocol=6 | dir=in | app=c:\gp409_rc4_2009\gp409_rc4\gp4.exe | "TCP Query User{1869BAEC-DE13-42CA-A66B-49C754EC0712}C:\program files\java\jdk1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_07\bin\java.exe | "TCP Query User{2A07D91C-A085-4881-9F2D-49A3B005EB69}C:\program files\codemasters\dirt\dirt.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt\dirt.exe | "TCP Query User{3EC7D343-3CBC-4858-89B6-3F1673AD4B49}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{4422ABAE-91FD-4525-8891-E9B9B3F957F3}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe | "TCP Query User{54EFDD06-2055-47B6-9B27-4B9CE8F25D82}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{559FD99E-36C7-43A3-B1E0-D2254CE09C71}C:\program files\codemasters\dirt\dirt.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt\dirt.exe | "TCP Query User{6C4F187C-D557-489C-BC16-0D72CC41E36B}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{7186D353-E12F-4235-B4D3-C3D21E6E4A99}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{74CD7EE5-9F0D-4AE0-AB7B-789BE719C746}C:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse\eclipse.exe | "TCP Query User{78B943CF-EB8D-4898-8C11-7D22C3A37921}C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe" = protocol=6 | dir=in | app=c:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe | "TCP Query User{7FF973CB-902F-41F6-B02E-B79B57F64286}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{81E59778-CA0D-4963-A6EA-DAEEE71965D1}C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | "TCP Query User{82DBF1DE-8E30-4637-BEC0-705FF74EEC13}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{973F2630-CCE5-48E5-B027-FDFAF6FF2F4F}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{A4352A95-C7D4-4883-80A7-C73D271BA100}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{A52396B6-3532-4EBE-B7F8-8D94494BBB1B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{B000EE16-4879-4016-9874-A47266CE9C89}C:\program files\r.g. mechanics\splinter cell - conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files\r.g. mechanics\splinter cell - conviction\src\system\conviction_game.exe | "TCP Query User{B420EB65-9515-42D8-8CDB-09B4A3F38379}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{B5780DB7-B819-4087-90BC-AA2E3EB01958}C:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe | "TCP Query User{C2D6ED38-61AA-418D-8300-2BD5F05AE173}C:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe | "TCP Query User{CC8992C4-A163-494B-9B8A-97E49D8AAF22}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | "TCP Query User{D878B7B1-2333-47D0-8937-68253DA0D9A9}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "TCP Query User{E733B3B8-85C2-4C52-A8AE-9FA5A7A0E52F}C:\program files\r.g. mechanics\splinter cell - conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files\r.g. mechanics\splinter cell - conviction\src\system\uplaybrowser.exe | "TCP Query User{EA4A6B14-2E63-468A-ADE4-768CF35615E2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{EC92845D-F5B0-4857-9545-09F1EAA55746}C:\program files\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_07\jre\bin\java.exe | "TCP Query User{F245376D-A645-4FCD-AB78-717487F1F437}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{F6C53B78-975D-4C6C-9207-A754A5ED3958}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{FAB4BEB7-DE3F-415B-A338-9A4D5F62A821}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{FEC44ED2-DFB2-4778-8A6B-547FA3493E36}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{FF6A7021-80B3-4353-84C5-F91F8B09921E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{0FF1F6D8-A1D2-415F-B40E-0B2A0FC9ACDB}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{17CE954B-C712-4960-B130-9A5C7C6241E6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{1D6D9927-9D18-4DBA-8395-AE4EFCCC0E00}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | "UDP Query User{1EB6CF69-0A86-4C5B-8478-8D388800CDA3}C:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse\eclipse.exe | "UDP Query User{217E3202-0733-4CE1-BD7A-42AE177A0429}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{23546DD3-920F-47A3-BFBD-4CE99244EDC8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{2C8D39D2-F5D8-48B3-AC62-B310F2C9F7D3}C:\gp409_rc4_2009\gp409_rc4\gp4.exe" = protocol=17 | dir=in | app=c:\gp409_rc4_2009\gp409_rc4\gp4.exe | "UDP Query User{2D5CA029-14F3-46FB-8A99-146D516B9A2C}C:\program files\codemasters\dirt\dirt.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt\dirt.exe | "UDP Query User{441C45FE-2A6F-49B9-B763-56FF6B07A737}C:\program files\r.g. mechanics\splinter cell - conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files\r.g. mechanics\splinter cell - conviction\src\system\uplaybrowser.exe | "UDP Query User{4832200E-689E-40F9-B40C-F918C15AF591}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{4CC8BBCE-5B1C-481B-9D8B-1272C6157FF8}C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe" = protocol=17 | dir=in | app=c:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe | "UDP Query User{5340D743-E7CB-4A02-8C3B-9D9DED0D9B96}C:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe | "UDP Query User{5A5A76AF-6D4F-4C0F-B85D-FF885409C492}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{699A6D03-7A85-41CC-B30D-6AB6AFFDE38F}C:\program files\java\jdk1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_07\bin\java.exe | "UDP Query User{6B16AB53-0D87-4643-89CE-939D05ABF797}C:\program files\java\jdk1.6.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_07\jre\bin\java.exe | "UDP Query User{705B5DEE-A3FE-46D3-838E-10D2739E0A3B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{706E0E78-7068-4F16-A4E6-7E7F69F0C09F}C:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio 9.0\common7\ide\devenv.exe | "UDP Query User{8E9D5870-F100-4AA2-A854-11AF485A18B3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{8FA3B5C3-D0FE-48A4-BFD6-7EEFA34E9065}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{943F73D9-28E8-459A-9308-F05419039462}C:\program files\r.g. mechanics\splinter cell - conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files\r.g. mechanics\splinter cell - conviction\src\system\conviction_game.exe | "UDP Query User{96AFEF9B-8A06-4D0E-B293-EA24D3B4E2F8}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{97A76CE8-E96E-4447-AC12-DCE3D56342BC}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{9C22FAA5-08C7-48EF-B95D-137334A49057}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{9FA33896-D48D-48E7-A190-6367ABDE144E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{AB15BE9B-A75B-4F76-8F2D-79EA52A1BFAE}C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | "UDP Query User{B1DA9D83-6EB3-45FC-9D6F-0163BE7BC3D3}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{C85221EC-9BDB-4DBE-BC14-E97EE67B74D6}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{CED3B52E-DEE6-4947-A570-688C27A7740E}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{DB202EEC-2D26-4179-B874-424C1A5B806F}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe | "UDP Query User{DF224C23-4C6E-476F-897D-D636DE4C72CB}C:\program files\codemasters\dirt\dirt.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt\dirt.exe | "UDP Query User{E4B149A3-E5F2-49FF-A508-D2F041591E83}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{FEA2511B-3A3A-4081-BD8A-C34347F8D99D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer) "{00CC55E1-EA68-22D4-92DF-B94F287DCE40}" = ccc-core-static "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial "{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{0742B739-DCA3-4A21-AADD-B7CBF49C2058}" = Adobe Premiere Pro CS3 Third Party Content "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{09710638-E0CD-4D60-92D3-CCC0080FB898}" = Speed Launch from Microsoft Office Labs "{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists) "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework "{0E76D6D4-5EFD-0714-1E65-E5B0ED1C9731}" = Catalyst Control Center Core Implementation "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB) "{1254DE46-CA5B-40D8-A699-E3C548CED02A}" = VisualSVN 1.5.2 "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{185D0A67-E066-44AE-926D-F6305813301C}" = Adobe After Effects CS3 Presets "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1" = AeroSnap 0.61 "{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20AC583C-A6FB-410A-807D-25308225C201}" = Paint.NET v3.35 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU "{24D20EF7-2066-42A8-91DB-952636384E42}" = AquaSoft PhotoKalender "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{27C0CED3-E9FA-4EA0-96AA-FAECE5F81031}" = Nero 7 Essentials "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types "{2D206DBD-6491-26BD-0DFA-165AA8A0CFFD}" = Catalyst Control Center Graphics Light "{2D3B4614-7291-583D-A925-476924FF5A5F}" = Catalyst Control Center Graphics Previews Common "{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{2E402AA9-5C0E-45E7-8E70-C23FA0F265D5}" = Microsoft XNA Game Studio 3.1 (devenv) "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7 "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver "{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition "{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{49389932-51FA-4D26-8B4F-CE86B24302C2}" = TortoiseSVN 1.5.5.14361 (32 bit) "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client "{4F702A4B-D39C-44E6-95A2-A6C9179303DB}" = WD Drive Manager (x86) "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{55ACE462-F309-4650-BE4E-F1008D6D8726}" = Microsoft Visual Studio ProjectAggregator2 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{56C64E81-FC93-4cb9-9EBF-953662950D3B}_is1" = Delete Virtual-Mate Launcher "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5B479C22-7B50-5D31-7BD9-02D1260254D3}" = Catalyst Control Center HydraVision Full "{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player "{5D7C0D74-9E6B-4734-B087-38740640088A}" = Neoforce Controls "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin "{60B87ADA-167E-4239-AD64-40992C8D220F}" = Adobe After Effects CS3 Third Party Content "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{6D372DFB-666E-FD3D-8B23-C116A8F5A643}" = Catalyst Control Center Graphics Full Existing "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{6E994B82-FE8B-2777-295A-4D6F4314E8DD}" = ccc-utility "{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7162AC2C-733F-4127-ACAD-C5F0F27D123D}" = Adobe Creative Suite 3 Master Collection "{729713E3-CFD5-4E9F-A301-5BD8EA25A28B}" = COMPUTERBILD-PC-Schnellstarter "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3 "{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R) "{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010 "{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{93F8CD3C-438A-49D4-8BB9-B2CF70C3E250}" = My Expose "{94984536-3F27-5800-E537-DA39F62784CB}" = HydraVision "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone "{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1 "{99312C08-19A1-4B20-9F1D-3BCEED582278}" = Adobe Soundbooth CS3 Codecs "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}" = Adobe Setup "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2429601-32E2-4981-918E-0971CF24B1D5}" = Boris Continuum Complete 5 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player "{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}" = Adobe Premiere Pro CS3 "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components) "{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3D726D7-12FC-B85D-E6C9-54536827A01A}" = Catalyst Control Center Graphics Previews Vista "{B613BCC6-D542-4A86-BC7B-205A6ADEA46F}" = Microsoft Live Labs Pivot "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools "{C176CB21-4E7D-D56D-905B-F4A4CB1301AD}" = Catalyst Control Center Graphics Full New "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3 "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0B1DC23-A171-45D3-A3CA-97E20290D124}" = JetBrains ReSharper 4.1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D3BD4C42-B54D-DD47-68EC-5DD1D6097E6F}" = CCC Help English "{D428AB95-35B2-4868-B656-5C316E25EC69}" = Microsoft SQL Server 2008 Database Engine Services "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{DA20D1D5-34A7-4CC6-A7B7-74C69864A357}" = Sandcastle "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) "{DD0B06AD-5E55-41be-88E5-E9D13BAF06F4}" = Context Free "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DF781E6F-BF29-4340-BEFB-09F7511B424D}" = Microsoft SQL Server 2008 Database Engine Services "{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy) "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade "{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry) "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2 "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F20F8E93-3471-1808-AC39-7CE622FCBB4B}" = Catalyst Control Center InstallProxy "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86) "{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}" = WISO Bewerbung 2008 "{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion "{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Adobe_8bb24e071e5922899698c2105557bd2" = Add or Remove Adobe Creative Suite 3 Master Collection "AIMP2" = AIMP2 "AquaSoft PhotoKalender" = AquaSoft PhotoKalender "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "BlackBerry MDS Studio Plugin Edition 2.0.0" = BlackBerry MDS Studio Plugin Edition 2.0.0 "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0 "Citavi" = Citavi 2.5 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CPUID CPU-Z_is1" = CPUID CPU-Z 1.51 "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "doxygen_is1" = doxygen 1.7.1 "Englisch für Dummies" = Englisch für Dummies "EPSON Printer and Utilities" = EPSON-Drucker-Software "FerrariVR" = Ferrari Virtual Race (remove only) "Freez FLV to AVI/MPEG/WMV Converter 1.5_is1" = Freez FLV to AVI/MPEG/WMV Converter "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen) "HTML Help Workshop" = HTML Help Workshop "InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood "InterActual Player" = InterActual Player "KeyTweak" = KeyTweak - Keyboard Remapper (remove only) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Firefox 4.0b6 (x86 de)" = Mozilla Firefox 4.0b6 (x86 de) "nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2 "nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1 "Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Office14.VISIOR" = Microsoft Visio Professional 2010 "OpenAL" = OpenAL "Pen Tablet Driver" = Stifttablett "Pidgin" = Pidgin "SciPlore MindMapping" = SciPlore MindMapping "SopCast" = SopCast 3.2.9 "Splinter Cell - Conviction_is1" = Splinter Cell - Conviction "TmNationsForever_is1" = TmNationsForever "Trials 2 Second Edition_is1" = Trials 2 Second Edition v1.08 "TuneUp Utilities" = TuneUp Utilities "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 1.0.0 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Worms Armageddon" = Worms Armageddon "XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4011727208-2204512221-339002600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Google Translator" = Google Translator "maComfort" = maComfort "Sudoku-X" = Sudoku-X "Unite Media Player" = Unite Media Player "WinSetupFromUSB" = WinSetupFromUSB ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.12.2009 17:29:58 | Computer Name = XXX-PC | Source = MsiInstaller | ID = 11305 Description = Error - 01.12.2009 17:30:56 | Computer Name = XXX-PC | Source = VSS | ID = 8194 Description = Error - 01.12.2009 17:39:55 | Computer Name = XXX-PC | Source = VSS | ID = 8194 Description = Error - 01.12.2009 17:41:14 | Computer Name = XXX-PC | Source = System Restore | ID = 8193 Description = Error - 02.12.2009 12:10:46 | Computer Name = XXX-PC | Source = Google Update | ID = 20 Description = Error - 05.12.2009 08:11:15 | Computer Name = XXX-PC | Source = Google Update | ID = 20 Description = Error - 06.12.2009 18:25:07 | Computer Name = XXX-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Prince of Persia.exe, Version 1.0.0.0, Zeitstempel 0x491b2932, fehlerhaftes Modul Prince of Persia.exe, Version 1.0.0.0, Zeitstempel 0x491b2932, Ausnahmecode 0xc0000005, Fehleroffset 0x003d3ea7, Prozess-ID 0x151c, Anwendungsstartzeit 01ca76bd52cb9290. Error - 07.12.2009 17:51:25 | Computer Name = XXX-PC | Source = VSS | ID = 8194 Description = Error - 07.12.2009 17:57:54 | Computer Name = XXX-PC | Source = VSS | ID = 8194 Description = Error - 07.12.2009 17:59:42 | Computer Name = XXX-PC | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 11.09.2010 12:50:36 | Computer Name = XXX-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 11.09.2010 um 18:47:57 unerwartet heruntergefahren. Error - 11.09.2010 12:52:12 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14.09.2010 06:31:37 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14.09.2010 19:43:15 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026 Description = Error - 15.09.2010 14:39:56 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7031 Description = Error - 15.09.2010 14:40:13 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7031 Description = Error - 15.09.2010 14:40:59 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7034 Description = Error - 15.09.2010 14:43:46 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7034 Description = Error - 15.09.2010 15:50:18 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026 Description = Error - 15.09.2010 16:00:14 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7034 Description = < End of report > |
17.09.2010, 13:10 | #5 |
/// Malware-holic | sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) |
Themen zu sehr langsames betriebssystem & browser von einem tag auf den anderen (Crysis geht aber ohne prob.) |
adobe, antivir guard, avg, avira, bho, browser, browser absturz, computer, defender, desktop, down, dropbox, einzelne nicht geladene internetseiten, excel, firefox, helper, hijack, hijackthis, internet, internet explorer, langsames system, mozilla, plug-in, registry, rundll, runterfahren, sehr langsam, senden, software, studio, taskmanager, vista, visual studio, windows, wird in 1er min herunterfahren |