Trojaner-Board - Antimalware Doctor + (evtl weitere Schädlinge?) Reste entfernen

Hallo zusammen.
Ich hab mir wohl gestern abend irgendwie den Antimalware Doctor eingefangen und versucht ihn nach dieser Anleitung hier aus dem Board:
http://www.trojaner-board.de/83172-a...entfernen.html zu entfernen.

Hab MBAM bestimmt 2-3x laufen lassen und er hat immer wieder was gefunden.

Das is die MBAM Log vom 1. Mal:

Code:

Malwarebytes' Anti-Malware 1.45

w*w.malwarebytes.org
 

Datenbank Version: 3930
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904
 

08.04.2010 22:00:34

mbam-log-2010-04-08 (22-00-34).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Durchsuchte Objekte: 271664

Laufzeit: 47 Minute(n), 0 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 1

Infizierte Registrierungsschlüssel: 7

Infizierte Registrierungswerte: 6

Infizierte Dateiobjekte der Registrierung: 5

Infizierte Verzeichnisse: 1

Infizierte Dateien: 13
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

C:\Windows\System32\nmklo.dll (Worm.MarioFev) -> Delete on reboot.
 

Infizierte Registrierungsschlüssel:

HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SlysBitch (Bifrose.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windefence32 (Backdoor.Bifrose) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Worm.Prolaco.M) -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
 

Infizierte Verzeichnisse:

C:\Windows\System32\WinDefence (Bifrose.Trace) -> Quarantined and deleted successfully.
 

Infizierte Dateien:

C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

C:\Users\User\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\System32\nmklo.dll (Worm.MarioFev) -> Delete on reboot.

C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\User\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

C:\Users\User\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\User\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\System32\cooper.mine (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\User\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

2. Mal: (Quick Scan)

Code:

Malwarebytes' Anti-Malware 1.45

w*w.malwarebytes.org
 

Datenbank Version: 3930
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904
 

08.04.2010 22:20:59

mbam-log-2010-04-08 (22-20-59).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 115452

Laufzeit: 3 Minute(n), 53 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 2

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 1
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

C:\Users\User\AppData\Local\Temp\Bsr.exe (Trojan.FakeAlert) -> Delete on reboot.

3. Mal

Code:

Malwarebytes' Anti-Malware 1.45

w*w.malwarebytes.org
 

Datenbank Version: 3930
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904
 

08.04.2010 23:20:32

mbam-log-2010-04-08 (23-20-32).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|M:\|)

Durchsuchte Objekte: 271802

Laufzeit: 46 Minute(n), 6 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 2

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

4. Mal:

Code:

Malwarebytes' Anti-Malware 1.45

w*w.malwarebytes.org
 

Datenbank Version: 3930
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904
 

09.04.2010 10:47:06

mbam-log-2010-04-09 (10-47-06).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Durchsuchte Objekte: 271655

Laufzeit: 45 Minute(n), 55 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 2

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Jetzt scheint zwar das gröbste weg zu sein aber in der Hijack Log finden sich immernoch n paar dubiose Sachen. Insbesondere "O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - (no file)" kommt mir komisch vor.

Meine aktuelle HijackThis Log:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:31:36, on 09.04.2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal
 

Running processes:

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

O1 - Hosts: ::1 localhost

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Fabian\Anwendungen\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Steam] "D:\Fabian\Spiele\Steam2\Steam.exe" -silent

O4 - HKCU\..\Run: [ICQ] "D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe" silent

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Startup: Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Rainmeter.exe - Verknüpfung.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe (file missing)

O13 - Gopher Prefix: 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: nmklo

O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - (no file)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - D:\Fabian\Anwendungen\Hamachi2.0\hamachi-2.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 

--

End of file - 8237 bytes

und meine RSIT info:

Code:

info.txt logfile of random's system information tool 1.06 2010-04-09 11:24:11
 

======Uninstall list======
 

-->C:\Program Files (x86)\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

-->C:\Windows\UNNeroShowTime.exe /UNINSTALL

-->C:\Windows\UNNeroVision.exe /UNINSTALL

-->C:\Windows\UNRecode.exe /UNINSTALL

-->MsiExec /X{54194F60-988C-4D03-B922-C2B00EFDA39A}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe Dreamweaver CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\25db75244653b42cb93dc27939d1c0e\Setup.exe

Adobe Dreamweaver CS3-->MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}

Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Reader 9.3.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}

Adobe Setup-->MsiExec.exe /I{7D386596-0E80-4808-8AAE-C1DDA8212F7F}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

ANNO 1404 - Venedig-->"C:\Program Files (x86)\InstallShield Installation Information\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}\setup.exe" -runfromtemp -l0x0007 -removeonly

ANNO 1404-->"C:\Program Files (x86)\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly

Any DVD Converter Professional 3.7.1-->"D:\Fabian\Anwendungen\AnyDVD Converter Professional\unins000.exe"

Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

AVI/MPEG/RM/WMV Splitter 4.28-->"D:\Fabian\Anwendungen\VirtualDub\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE

Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}

CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"

EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe

EVEREST Ultimate Edition v5.30-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"

FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}

Free YouTube to iPod Converter version 3.2-->"D:\Fabian\Anwendungen\Free YouTube to iPod Converter\unins000.exe"

FUSSBALL MANAGER 10 DEMO-->D:\Fabian\Spiele\FM10\eauninstall.exe

FUSSBALL MANAGER 10-->D:\Fabian\Spiele\FM10\eauninstall.exe

Haali Media Splitter-->"D:\Fabian\Anwendungen\PopCorn MKV AudioConverter\MatroskaSplitter\uninstall.exe"

Hattrick Organizer (remove only)-->D:\Fabian\Anwendungen\Hattrick Organizer\Uninstall.exe

HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""

ICQ6.5-->"C:\Program Files (x86)\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly

Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}

KoolPlaya-->D:\Fabian\Zip und Setups\Koolplaya.exe /uninstall

LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL

LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB}

Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}

Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}

Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}

Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}

Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}

Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}

Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}

Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}

Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}

Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mozilla Firefox (3.6.3)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}

Napster-->C:\Program Files (x86)\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0007 -removeonly

Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891031}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA PhysX-->MsiExec.exe /X{54194F60-988C-4D03-B922-C2B00EFDA39A}

NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask

OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U

PixiePack Codec Pack-->MsiExec.exe /I{9C450606-ED24-4958-92BA-B8940C99D441}

QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

Rainmeter (remove only)-->"C:\Program Files\Rainmeter\uninst.exe"

Rapture3D 2.3.22 Game-->"C:\Program Files (x86)\BRS\unins000.exe"

RayV-->C:\Program Files (x86)\RayV\RayV\uninstall.exe

Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0007 -removeonly

Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

RocketDock 1.3.5-->"C:\Program Files (x86)\RocketDock\unins000.exe"

SimpleSYN 2.0-->MsiExec.exe /X{1F7C6BBA-4C5B-46C1-A20B-4EA961057B89}

SopCast 3.2.4-->D:\Fabian\Anwendungen\SopCast\uninst.exe

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

VLC media player 1.0.2-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

Xvid 1.2.2 final uninstall-->"D:\Fabian\Anwendungen\XviD\unins001.exe"
 

=====HijackThis Backups=====
 

O4 - HKCU\..\Policies\Explorer\Run: [WinDefence] C:\Windows\system32\WinDefence\windefence32.exe [2010-04-08]

O4 - HKLM\..\Policies\Explorer\Run: [WinDefence] C:\Windows\system32\WinDefence\windefence32.exe [2010-04-08]

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  [2010-04-09]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2010-04-09]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.10.34.21:3128 [2010-04-09]

O2 - BHO: (no name) - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - (no file) [2010-04-09]
 

======Security center information======
 

AV: AntiVir Desktop

AS: AntiVir Desktop

AS: Windows-Defender
 

======System event log======
 

Computer Name: PC6

Event Code: 51

Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk3\DR4.

Record Number: 68807

Source Name: disk

Time Written: 20091224004752.424007-000

Event Type: Warnung

User: 
 

Computer Name: PC6

Event Code: 51

Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk3\DR4.

Record Number: 68806

Source Name: disk

Time Written: 20091224004752.424007-000

Event Type: Warnung

User: 
 

Computer Name: PC6

Event Code: 51

Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk3\DR4.

Record Number: 68805

Source Name: disk

Time Written: 20091224004752.424007-000

Event Type: Warnung

User: 
 

Computer Name: PC6

Event Code: 51

Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk3\DR4.

Record Number: 68804

Source Name: disk

Time Written: 20091224004752.424007-000

Event Type: Warnung

User: 
 

Computer Name: PC6

Event Code: 51

Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk3\DR4.

Record Number: 68803

Source Name: disk

Time Written: 20091224004752.424007-000

Event Type: Warnung

User: 
 

=====Application event log=====
 

Computer Name: LH-GWB0OXBYBV49

Event Code: 4625

Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.

Record Number: 5

Source Name: Microsoft-Windows-EventSystem

Time Written: 20091013163000.000000-000

Event Type: Informationen

User: 
 

Computer Name: LH-GWB0OXBYBV49

Event Code: 900

Message: Der Softwarelizenzierungsdienst wird gestartet.
 

Record Number: 4

Source Name: Microsoft-Windows-Security-Licensing-SLC

Time Written: 20091013163000.000000-000

Event Type: Informationen

User: 
 

Computer Name: LH-GWB0OXBYBV49

Event Code: 1531

Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  
 
 

Record Number: 3

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20091013163000.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: 26L2233A1-13

Event Code: 2

Message: Der Zertifikatdiensteclient wurde angehalten.

Record Number: 2

Source Name: Microsoft-Windows-CertificateServicesClient

Time Written: 20061102160003.208200-000

Event Type: Informationen

User: 
 

Computer Name: 26L2233A1-13

Event Code: 2

Message: Der Zertifikatdiensteclient wurde angehalten.

Record Number: 1

Source Name: Microsoft-Windows-CertificateServicesClient

Time Written: 20061102160003.145800-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

=====Security event log=====
 

Computer Name: 26L2233A1-13

Event Code: 4902

Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.
 

        Anzahl von Elementen:        0

        Richtlinienkennung:        0x7fbd8

Record Number: 5

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091013162939.065290-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: 26L2233A1-13

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-0-0

        Kontoname:                -

        Kontodomäne:                -

        Anmelde-ID:                0x0
 

Anmeldetyp:                        0
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x4

        Prozessname:                
 

Netzwerkinformationen:

        Arbeitsstationsname:        -

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                -

        Authentifizierungspaket:        -

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 4

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091013162937.723682-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: 26L2233A1-13

Event Code: 4608

Message: Windows wird gestartet.
 

Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird.

Record Number: 3

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091013162937.723682-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: 26L2233A1-13

Event Code: 4647

Message: Benutzerinitiierte Abmeldung:
 

Antragsteller:

        Sicherheits-ID:                S-1-5-21-3991871189-2232181320-2112149827-500

        Kontoname:                Administrator

        Kontodomäne:                26L2233A1-13

        Anmelde-ID:                0x92456
 

Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.

Record Number: 2

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20061102160004.159800-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: 26L2233A1-13

Event Code: 4634

Message: Ein Konto wurde abgemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-7

        Kontoname:                ANONYMOUS LOGON

        Kontodomäne:                NT AUTHORITY

        Anmelde-ID:                0x1f471
 

Anmeldetyp:                        3
 

Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig.

Record Number: 1

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20061102160003.192600-000

Event Type: Überwachung erfolgreich

User: 
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=4

"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
 

-----------------EOF-----------------

und RSIT log:

Code:

Logfile of random's system information tool 1.06 (written by random/random)

Run by User at 2010-04-09 11:24:09

Microsoft® Windows Vista™ Ultimate  Service Pack 2

System drive C: has 17 GB (23%) free of 76 GB

Total RAM: 4094 MB (67% free)
 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:24:10, on 09.04.2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal
 

Running processes:

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\CCleaner\CCleaner.exe

M:\anti\RSIT.exe

C:\Program Files (x86)\Trend Micro\HijackThis\User.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

O1 - Hosts: ::1 localhost

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Fabian\Anwendungen\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Steam] "D:\Fabian\Spiele\Steam2\Steam.exe" -silent

O4 - HKCU\..\Run: [ICQ] "D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe" silent

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Startup: Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Rainmeter.exe - Verknüpfung.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe (file missing)

O13 - Gopher Prefix: 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: nmklo

O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - (no file)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - D:\Fabian\Anwendungen\Hamachi2.0\hamachi-2.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 

--

End of file - 8328 bytes
 

======Scheduled tasks folder======
 

C:\Windows\tasks\User_Feed_Synchronization-{7EFB0A09-63F3-4369-A515-95410BC21F7D}.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

Locked
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792]

"iTunesHelper"=D:\Fabian\Anwendungen\iTunes\iTunesHelper.exe []

"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-14 149280]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

"NBKeyScan"=C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Steam"=D:\Fabian\Spiele\Steam2\Steam.exe -silent []

"ICQ"=D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe silent []

"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
 

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

Rainmeter.exe - Verknüpfung.lnk - C:\Program Files (x86)\Rainmeter\Rainmeter.exe
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="nmklo"
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953}
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoFolderOptions"=0
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"ForceActiveDesktopOn"=

"BindDirectlyToPropertySetStorage"=
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{161918f6-c008-11de-9581-0019dbd107a2}]

shell\AutoRun\command - L:\LaunchU3.exe -a
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32564761-f3c4-11de-8900-0019dbd107a2}]

shell\access\command - I:\.\sgportable\SGPortable.exe

shell\AutoRun\command - I:\.\sgportable\SGPortable.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e6fdaa5-c603-11de-b131-0019dbd107a2}]

shell\AutoRun\command - L:\SETUP.EXE
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66b312cc-ce0f-11de-9254-0019dbd107a2}]

shell\AutoRun\command - 1
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea521c2c-f762-11d4-98bc-0019dbd107a2}]

shell\AutoRun\command - Y:\Razor1911_Installer.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7f59418-b8d6-11de-a99c-0019dbd107a2}]

shell\AutoRun\command - Z:\BSAutoRun.exe
 
 

======File associations======
 

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1

.js - open - "D:\Fabian\Anwendungen\Dreamweaver\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
 

======List of files/folders created in the last 1 months======
 

2010-04-09 11:24:09 ----D---- C:\rsit

2010-04-08 23:30:23 ----D---- C:\Program Files (x86)\CCleaner

2010-04-08 22:27:43 ----D---- C:\Windows\pss

2010-04-08 19:51:00 ----D---- C:\Program Files (x86)\Trend Micro

2010-04-08 19:31:11 ----A---- C:\mbam-error.txt

2010-04-08 18:49:55 ----A---- C:\Windows\system32\stu2.exe

2010-04-08 18:49:00 ----A---- C:\Windows\Blomoa.exe

2010-04-08 18:42:47 ----SHD---- C:\Config.Msi

2010-04-01 16:31:16 ----A---- C:\Windows\system32\mshtml.dll

2010-04-01 16:31:12 ----A---- C:\Windows\system32\iertutil.dll

2010-04-01 16:31:12 ----A---- C:\Windows\system32\ieframe.dll

2010-04-01 16:31:11 ----A---- C:\Windows\system32\wininet.dll

2010-04-01 16:31:11 ----A---- C:\Windows\system32\urlmon.dll

2010-04-01 16:31:11 ----A---- C:\Windows\system32\occache.dll

2010-04-01 16:31:11 ----A---- C:\Windows\system32\mstime.dll

2010-04-01 16:31:11 ----A---- C:\Windows\system32\msfeeds.dll

2010-04-01 16:31:11 ----A---- C:\Windows\system32\iedkcs32.dll

2010-04-01 16:31:10 ----A---- C:\Windows\system32\msfeedssync.exe

2010-04-01 16:31:10 ----A---- C:\Windows\system32\msfeedsbs.dll

2010-04-01 16:31:10 ----A---- C:\Windows\system32\jsproxy.dll

2010-04-01 16:31:10 ----A---- C:\Windows\system32\ieUnatt.exe

2010-04-01 16:31:10 ----A---- C:\Windows\system32\ieui.dll

2010-04-01 16:31:10 ----A---- C:\Windows\system32\iesysprep.dll

2010-04-01 16:31:10 ----A---- C:\Windows\system32\iesetup.dll

2010-04-01 16:31:10 ----A---- C:\Windows\system32\iernonce.dll

2010-04-01 16:31:10 ----A---- C:\Windows\system32\iepeers.dll

2010-04-01 16:31:10 ----A---- C:\Windows\system32\ie4uinit.exe

2010-03-28 17:33:10 ----D---- C:\Users\User\AppData\Roaming\NVIDIA

2010-03-28 17:24:54 ----D---- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP

2010-03-28 17:18:15 ----A---- C:\Windows\system32\OpenCL.dll

2010-03-28 17:18:15 ----A---- C:\Windows\system32\nvwgf2um.dll

2010-03-28 17:18:14 ----A---- C:\Windows\system32\nvoglv32.dll

2010-03-28 17:18:12 ----A---- C:\Windows\system32\nvcuvid.dll

2010-03-28 17:18:12 ----A---- C:\Windows\system32\nvcuvenc.dll

2010-03-28 17:18:10 ----A---- C:\Windows\system32\nvcuda.dll

2010-03-28 17:18:10 ----A---- C:\Windows\system32\nvcompiler.dll

2010-03-28 17:09:10 ----A---- C:\Windows\system32\XAudio2_6.dll

2010-03-28 17:09:10 ----A---- C:\Windows\system32\XAPOFX1_4.dll

2010-03-28 17:09:10 ----A---- C:\Windows\system32\xactengine3_6.dll

2010-03-28 17:09:10 ----A---- C:\Windows\system32\X3DAudio1_7.dll

2010-03-28 14:41:58 ----A---- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

2010-03-28 14:35:32 ----D---- C:\Program Files (x86)\SimpleSYN 2.0

2010-03-27 12:48:13 ----D---- C:\Users\User\AppData\Roaming\Dropbox

2010-03-13 14:09:54 ----D---- C:\ProgramData\Solidshield

2010-03-13 14:07:02 ----D---- C:\Users\User\AppData\Roaming\Ubisoft

2010-03-12 20:58:26 ----D---- C:\Users\User\AppData\Roaming\Tropico 3

2010-03-11 21:49:14 ----A---- C:\Windows\system32\nshhttp.dll

2010-03-11 21:49:13 ----A---- C:\Windows\system32\httpapi.dll
 

======List of files/folders modified in the last 1 months======
 

2010-04-09 11:24:09 ----D---- C:\Windows\Temp

2010-04-09 11:12:07 ----D---- C:\Windows\System32

2010-04-09 11:00:08 ----D---- C:\ProgramData\NVIDIA

2010-04-09 10:52:35 ----D---- C:\Windows\Minidump

2010-04-09 10:52:35 ----D---- C:\Windows\Debug

2010-04-09 10:52:35 ----D---- C:\Windows

2010-04-08 23:49:33 ----SHD---- C:\System Volume Information

2010-04-08 23:30:23 ----RD---- C:\Program Files (x86)

2010-04-08 22:14:43 ----D---- C:\Windows\Tasks

2010-04-08 22:02:12 ----D---- C:\Windows\SysWOW64

2010-04-08 20:06:39 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-04-08 20:06:36 ----D---- C:\Windows\system32\drivers

2010-04-08 18:48:51 ----D---- C:\Windows\Prefetch

2010-04-08 18:43:21 ----SHD---- C:\Windows\Installer

2010-04-08 18:42:58 ----D---- C:\ProgramData\Adobe

2010-04-08 18:42:58 ----D---- C:\Program Files (x86)\Common Files\Adobe

2010-04-08 18:42:56 ----D---- C:\Program Files (x86)\Adobe

2010-04-05 16:05:10 ----D---- C:\Users\User\AppData\Roaming\uTorrent

2010-04-05 16:04:58 ----D---- C:\Users\User\AppData\Roaming\vlc

2010-04-03 11:57:39 ----D---- C:\Program Files (x86)\Mozilla Firefox

2010-04-02 11:50:28 ----D---- C:\Windows\system32\migration

2010-04-02 11:50:28 ----D---- C:\Program Files (x86)\Internet Explorer

2010-04-01 23:01:44 ----D---- C:\Windows\winsxs

2010-03-28 17:25:48 ----D---- C:\Windows\inf

2010-03-28 17:24:33 ----RD---- C:\Program Files

2010-03-28 17:08:45 ----RSD---- C:\Windows\assembly

2010-03-28 17:01:58 ----D---- C:\Program Files (x86)\NVIDIA Corporation

2010-03-28 17:01:57 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2010-03-28 16:27:37 ----D---- C:\Windows\Microsoft.NET

2010-03-28 15:48:55 ----SD---- C:\Users\User\AppData\Roaming\Microsoft

2010-03-28 14:41:58 ----HD---- C:\ProgramData

2010-03-28 13:32:32 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2010-03-28 13:32:31 ----D---- C:\ProgramData\Media Center Programs

2010-03-27 16:57:53 ----A---- C:\Windows\NeroDigital.ini

2010-03-26 00:40:36 ----D---- C:\Users\User\AppData\Roaming\ICQ

2010-03-24 08:23:12 ----D---- C:\Users\User\AppData\Roaming\Any DVD Converter Professional

2010-03-16 08:51:59 ----A---- C:\Windows\system32\nvd3dum.dll

2010-03-16 08:51:59 ----A---- C:\Windows\system32\nvapi.dll
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []

R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []

R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

S1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []

S1 zhrroheo7;zhrroheo7; C:\Windows\system32\drivers\zhrroheo7.sys []

S3 as74nweh;as74nweh; C:\Windows\system32\drivers\as74nweh.sys []

S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys []

S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys []

S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys []

S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys []

S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []

S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []

S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []

S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys []

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]

R2 Bonjour Service;Bonjour-Dienst; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]

R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]

S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; D:\Fabian\Anwendungen\Hamachi2.0\hamachi-2.exe -s []

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-29 89920]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-22 654848]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 660256]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]

S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-18 19968]

S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-09-05 316664]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
 

-----------------EOF-----------------

Den cccleaner hab ich natürlich auch bereits ausgeführt.

Ich hoffe irgendwer kann mal drüber gucken und schauen obs System noch infiziert ist. Vielen Dank schonmal :).

Code:

OTL logfile created on: 09.04.2010 16:47:12 - Run 1

OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\User\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free

8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 73,84 Gb Total Space | 16,97 Gb Free Space | 22,99% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PC6

Current User Name: User

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()

PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)

MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)

SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)

SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)

SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)

SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()

DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()

DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)

DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation)

DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation)

DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation)

DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation)

DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)

DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()

DRV - (CSC) -- C:\Windows\CSC [2009.10.13 18:30:00 | 000,000,000 | ---D | M]

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B C1 F3 24 78 D3 CA 01  [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.1.2

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.03 11:57:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.08 18:42:58 | 000,000,000 | ---D | M]

 

[2009.10.13 19:48:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions

[2010.04.08 18:54:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions

[2009.10.20 20:44:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.05 10:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}

[2009.11.02 22:38:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009.11.28 18:30:35 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

[2010.01.31 16:59:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\iurczso7.default\extensions\personas@christopher.beard

[2010.04.08 18:54:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2008.12.19 01:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npstrlnk.dll

[2010.01.31 16:52:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.31 16:52:45 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.31 16:52:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.31 16:52:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.31 16:52:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iTunesHelper] D:\Fabian\Anwendungen\iTunes\iTunesHelper.exe File not found

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKCU..\Run: [ICQ] D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe File not found

O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [Steam] D:\Fabian\Spiele\Steam2\Steam.exe File not found

O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.exe - Verknüpfung.lnk = C:\Program Files (x86)\Rainmeter\Rainmeter.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe File not found

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Fabian\Anwendungen\ICQ6.5\ICQ.exe File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (nmklo) -  File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{161918f6-c008-11de-9581-0019dbd107a2}\Shell - "" = AutoRun

O33 - MountPoints2\{161918f6-c008-11de-9581-0019dbd107a2}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found

O33 - MountPoints2\{32564761-f3c4-11de-8900-0019dbd107a2}\Shell\access\command - "" = I:\.\sgportable\SGPortable.exe -- File not found

O33 - MountPoints2\{32564761-f3c4-11de-8900-0019dbd107a2}\Shell\AutoRun\command - "" = I:\.\sgportable\SGPortable.exe -- File not found

O33 - MountPoints2\{4e6fdaa5-c603-11de-b131-0019dbd107a2}\Shell - "" = AutoRun

O33 - MountPoints2\{4e6fdaa5-c603-11de-b131-0019dbd107a2}\Shell\AutoRun\command - "" = L:\SETUP.EXE -- File not found

O33 - MountPoints2\{66b312cc-ce0f-11de-9254-0019dbd107a2}\Shell - "" = AutoRun

O33 - MountPoints2\{66b312cc-ce0f-11de-9254-0019dbd107a2}\Shell\AutoRun\command - "" = 1

O33 - MountPoints2\{ea521c2c-f762-11d4-98bc-0019dbd107a2}\Shell - "" = AutoRun

O33 - MountPoints2\{ea521c2c-f762-11d4-98bc-0019dbd107a2}\Shell\AutoRun\command - "" = Y:\Razor1911_Installer.exe -- File not found

O33 - MountPoints2\{f7f59418-b8d6-11de-a99c-0019dbd107a2}\Shell - "" = AutoRun

O33 - MountPoints2\{f7f59418-b8d6-11de-a99c-0019dbd107a2}\Shell\AutoRun\command - "" = Z:\BSAutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.04.09 16:46:26 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2010.04.09 11:24:09 | 000,000,000 | ---D | C] -- C:\rsit

[2010.04.08 23:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner

[2010.04.08 22:27:43 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010.04.08 19:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010.04.08 18:49:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\stu2.exe

[2010.04.08 18:42:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010.04.01 16:31:11 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll

[2010.04.01 16:31:11 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll

[2010.04.01 16:31:11 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll

[2010.04.01 16:31:11 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll

[2010.04.01 16:31:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll

[2010.04.01 16:31:11 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2010.04.01 16:31:11 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll

[2010.04.01 16:31:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll

[2010.04.01 16:31:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2010.04.01 16:31:11 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2010.04.01 16:31:10 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2010.04.01 16:31:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2010.04.01 16:31:10 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2010.04.01 16:31:10 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010.04.01 16:31:10 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2010.04.01 16:31:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010.04.01 16:31:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2010.04.01 16:31:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2010.04.01 16:31:10 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2010.04.01 16:31:10 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2010.04.01 16:31:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2010.04.01 16:31:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2010.04.01 16:31:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2010.04.01 16:31:10 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2010.04.01 16:31:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll

[2010.04.01 16:31:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2010.04.01 16:31:10 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2010.04.01 16:31:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2010.04.01 16:31:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll

[2010.04.01 16:31:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll

[2010.04.01 16:31:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll

[2010.04.01 16:31:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2010.04.01 16:31:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2010.03.28 17:34:21 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\4A Games

[2010.03.28 17:33:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA

[2010.03.28 17:24:54 | 000,000,000 | ---D | C] -- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP

[2010.03.28 17:24:33 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation

[2010.03.28 17:18:15 | 006,279,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2010.03.28 17:18:15 | 004,503,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2010.03.28 17:18:15 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010.03.28 17:18:15 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010.03.28 17:18:15 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd

[2010.03.28 17:18:14 | 021,005,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2010.03.28 17:18:14 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2010.03.28 17:18:12 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2010.03.28 17:18:12 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2010.03.28 17:18:12 | 002,106,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2010.03.28 17:18:12 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2010.03.28 17:18:10 | 016,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2010.03.28 17:18:10 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2010.03.28 17:18:10 | 005,444,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2010.03.28 17:18:10 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2010.03.28 17:18:10 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll

[2010.03.28 17:18:10 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll

[2010.03.28 17:13:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\4A Games

[2010.03.28 17:09:10 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll

[2010.03.28 17:09:10 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll

[2010.03.28 17:09:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll

[2010.03.28 17:09:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll

[2010.03.28 17:09:10 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll

[2010.03.28 17:09:10 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll

[2010.03.28 17:09:10 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll

[2010.03.28 17:09:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll

[2010.03.28 14:58:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2010.03.28 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SimpleSYN

[2010.03.28 14:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimpleSYN 2.0

[2010.03.28 14:33:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\dotnetfx3530729.01

[2010.03.27 12:48:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox

[2010.03.24 23:30:17 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe

[2010.03.16 02:53:00 | 014,828,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2010.03.16 02:53:00 | 001,515,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2010.03.16 02:53:00 | 001,067,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2010.03.16 02:53:00 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2010.03.13 14:41:57 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ANNO 1404 Venedig

[2010.03.13 14:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield

[2010.03.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ubisoft

[2010.03.12 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Tropico 3

[2010.03.11 21:49:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll

[2010.03.11 21:49:14 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll

[2010.03.11 21:49:13 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll

[2010.03.11 21:49:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.04.09 16:46:44 | 002,621,440 | -HS- | M] () -- C:\Users\User\NTUSER.DAT

[2010.04.09 16:46:30 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2010.04.09 16:46:01 | 005,418,888 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2010.04.09 16:46:01 | 002,046,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010.04.09 16:46:01 | 001,656,662 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2010.04.09 16:46:01 | 001,498,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010.04.09 16:46:01 | 000,005,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010.04.09 16:44:47 | 000,052,597 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010.04.09 16:44:47 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010.04.09 15:54:01 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.04.09 15:54:01 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.04.09 15:53:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.04.09 15:53:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.04.09 15:53:49 | 4294,230,016 | -HS- | M] () -- C:\hiberfil.sys

[2010.04.09 15:52:54 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms

[2010.04.09 15:52:54 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf

[2010.04.09 15:52:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010.04.09 15:52:14 | 003,849,037 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db

[2010.04.09 11:18:01 | 000,942,890 | ---- | M] () -- C:\Users\User\Documents\cc_20100409_111747.reg

[2010.04.09 10:54:06 | 000,000,082 | ---- | M] () -- C:\Users\User\Documents\cc_20100409_105405.reg

[2010.04.08 23:31:58 | 000,019,520 | ---- | M] () -- C:\Users\User\Documents\cc_20100408_233142.reg

[2010.04.08 19:51:00 | 000,001,934 | ---- | M] () -- C:\Users\User\Desktop\HijackThis.lnk

[2010.04.08 18:50:02 | 000,065,024 | ---- | M] () -- C:\Windows\SysWow64\bb52fkri.few

[2010.04.08 18:50:02 | 000,032,768 | ---- | M] () -- C:\Windows\SysWow64\23rh46g.4e

[2010.04.08 18:48:57 | 000,183,808 | ---- | M] () -- C:\Windows\Blomoa.exe

[2010.04.08 18:43:15 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010.04.08 18:11:09 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EFB0A09-63F3-4369-A515-95410BC21F7D}.job

[2010.04.05 12:44:14 | 000,129,024 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010.03.30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010.03.28 14:41:58 | 000,000,129 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2010.03.27 16:57:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010.03.27 12:50:13 | 000,000,920 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2010.03.16 08:51:59 | 021,005,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2010.03.16 08:51:59 | 016,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2010.03.16 08:51:59 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2010.03.16 08:51:59 | 011,906,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2010.03.16 08:51:59 | 011,647,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2010.03.16 08:51:59 | 009,386,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2010.03.16 08:51:59 | 006,279,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2010.03.16 08:51:59 | 005,444,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2010.03.16 08:51:59 | 004,503,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2010.03.16 08:51:59 | 004,029,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2010.03.16 08:51:59 | 002,893,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2010.03.16 08:51:59 | 002,646,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2010.03.16 08:51:59 | 002,106,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2010.03.16 08:51:59 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2010.03.16 08:51:59 | 001,592,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll

[2010.03.16 08:51:59 | 001,296,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2010.03.16 08:51:59 | 000,657,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvudisp.exe

[2010.03.16 08:51:59 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll

[2010.03.16 08:51:59 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll

[2010.03.16 08:51:59 | 000,064,616 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010.03.16 08:51:59 | 000,056,424 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010.03.16 08:51:59 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd

[2010.03.16 08:51:59 | 000,009,832 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2010.03.16 02:53:00 | 014,828,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2010.03.16 02:53:00 | 001,515,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2010.03.16 02:53:00 | 001,067,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2010.03.16 02:53:00 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2010.03.16 02:52:54 | 000,276,196 | ---- | M] () -- C:\Windows\SysNative\NvApps.xml

[2010.03.16 02:52:54 | 000,066,714 | ---- | M] () -- C:\Windows\SysNative\NvwsApps.xml

[2010.03.13 14:00:48 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys

[2010.03.13 14:00:47 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys

[2010.03.12 11:26:42 | 000,657,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.04.09 11:17:48 | 000,942,890 | ---- | C] () -- C:\Users\User\Documents\cc_20100409_111747.reg

[2010.04.09 10:54:06 | 000,000,082 | ---- | C] () -- C:\Users\User\Documents\cc_20100409_105405.reg

[2010.04.08 23:31:45 | 000,019,520 | ---- | C] () -- C:\Users\User\Documents\cc_20100408_233142.reg

[2010.04.08 19:51:00 | 000,001,934 | ---- | C] () -- C:\Users\User\Desktop\HijackThis.lnk

[2010.04.08 18:50:02 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\bb52fkri.few

[2010.04.08 18:50:02 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\23rh46g.4e

[2010.04.08 18:49:00 | 000,183,808 | ---- | C] () -- C:\Windows\Blomoa.exe

[2010.04.08 18:42:58 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010.03.28 17:18:15 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2010.03.28 14:55:06 | 002,164,452 | ---- | C] () -- C:\Users\User\AppData\Local\dd_NET_Framework35_x64_MSI23C7.txt

[2010.03.28 14:41:58 | 000,000,129 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2010.03.28 14:34:40 | 000,000,002 | ---- | C] () -- C:\Users\User\AppData\Local\dd_dotnetfx35error_lp.txt

[2010.03.28 14:34:39 | 000,077,966 | ---- | C] () -- C:\Users\User\AppData\Local\dd_dotnetfx35install_lp.txt

[2010.03.28 14:34:06 | 002,164,708 | ---- | C] () -- C:\Users\User\AppData\Local\dd_NET_Framework35_x64_MSI13B5.txt

[2010.03.28 14:32:57 | 000,517,046 | ---- | C] () -- C:\Users\User\AppData\Local\dd_depcheck_NETFX_EXP_35.txt

[2010.03.28 14:32:43 | 000,886,730 | ---- | C] () -- C:\Users\User\AppData\Local\dd_dotnetfx35install.txt

[2010.03.28 14:32:43 | 000,012,652 | ---- | C] () -- C:\Users\User\AppData\Local\uxeventlog.txt

[2010.03.28 14:32:43 | 000,000,002 | ---- | C] () -- C:\Users\User\AppData\Local\dd_dotnetfx35error.txt

[2010.03.27 12:50:13 | 000,000,920 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2010.03.16 02:52:54 | 000,276,196 | ---- | C] () -- C:\Windows\SysNative\NvApps.xml

[2010.03.16 02:52:54 | 000,066,714 | ---- | C] () -- C:\Windows\SysNative\NvwsApps.xml

[2010.03.13 14:00:48 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys

[2010.03.13 14:00:47 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys

[2010.01.31 18:35:18 | 000,349,852 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI34DE.txt

[2010.01.31 18:35:18 | 000,013,506 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI34DE.txt

[2010.01.31 18:13:52 | 000,348,760 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI2476.txt

[2010.01.31 18:13:52 | 000,012,442 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI2476.txt

[2010.01.31 17:54:08 | 000,348,098 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI155C.txt

[2010.01.31 17:54:08 | 000,011,162 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI155C.txt

[2010.01.31 17:46:43 | 000,348,098 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI0FAE.txt

[2010.01.31 17:46:43 | 000,011,162 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI0FAE.txt

[2010.01.27 21:30:58 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd

[2010.01.25 22:18:47 | 000,432,228 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI0B17.txt

[2010.01.25 22:18:45 | 000,011,434 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI0B17.txt

[2009.12.23 18:23:01 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009.12.23 14:45:58 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.12.23 14:45:45 | 000,001,024 | ---- | C] () -- C:\Users\User\.rnd

[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009.10.31 15:34:00 | 001,448,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009.10.22 18:32:06 | 000,000,186 | ---- | C] () -- C:\Windows\aimpr.ini

[2009.10.22 18:20:37 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2009.10.22 13:55:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.10.22 13:55:10 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009.10.16 17:11:22 | 000,000,040 | ---- | C] () -- C:\Users\User\ho.dir

[2009.10.15 16:30:08 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009.10.15 16:30:08 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009.10.13 21:46:58 | 000,129,024 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.10.13 20:22:18 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2009.10.13 19:45:49 | 000,000,142 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat

[2009.10.13 19:44:36 | 000,052,597 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009.10.13 19:44:36 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009.10.13 18:48:58 | 000,000,732 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps64.dat

[2009.10.13 18:47:05 | 002,621,440 | -HS- | C] () -- C:\Users\User\NTUSER.DAT

[2009.10.13 18:47:05 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms

[2009.10.13 18:47:05 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms

[2009.10.13 18:47:05 | 000,262,144 | -H-- | C] () -- C:\Users\User\ntuser.dat.LOG1

[2009.10.13 18:47:05 | 000,065,536 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf

[2009.10.13 18:47:05 | 000,000,020 | -HS- | C] () -- C:\Users\User\ntuser.ini

[2009.10.13 18:47:05 | 000,000,000 | -H-- | C] () -- C:\Users\User\ntuser.dat.LOG2

[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL

[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

Code:

OTL Extras logfile created on: 09.04.2010 16:47:12 - Run 1

OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\User\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free

8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 73,84 Gb Total Space | 16,97 Gb Free Space | 22,99% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PC6

Current User Name: User

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 66 17 E6 E0 36 4C CA 01  [binary data]

"VistaSp2" = 73 43 B0 A0 10 53 CA 01  [binary data]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-803241420-1934010950-952792630-1000]

"EnableNotifications" = 1

"EnableNotificationsRef" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{33CB1F80-80FF-4482-84F1-B3F2FCCF1E06}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{3E283CB6-E54E-49A2-9356-67A9CF5B4849}" = lport=3689 | protocol=6 | dir=in | name=123 | 

"{445739B4-AB38-4859-A921-7DB71C86BDDF}" = lport=139 | protocol=6 | dir=in | app=system | 

"{A13E64E6-76AC-4225-8421-1E2D11905589}" = lport=138 | protocol=17 | dir=in | app=system | 

"{A505E57E-5DB3-4FD5-8679-5C02AC03BA1B}" = rport=137 | protocol=17 | dir=out | app=system | 

"{AACDEEA8-4F5E-4CA5-86A5-C2896DBE9BBA}" = rport=445 | protocol=6 | dir=out | app=system | 

"{B9106DD3-6FEB-467B-9BA3-3C2C5A0A0765}" = lport=445 | protocol=6 | dir=in | app=system | 

"{C05AD43B-18F2-4630-9817-3A30E1D2A781}" = rport=138 | protocol=17 | dir=out | app=system | 

"{CEFB1F81-1376-42D0-921F-4F1F651CB92E}" = lport=137 | protocol=17 | dir=in | app=system | 

"{D2FCCDA7-127A-41DA-AD31-38F1108EB938}" = rport=139 | protocol=6 | dir=out | app=system | 

"{E0E2865B-7655-44F9-B331-DDDAD4960FAF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{F2B26A55-12E8-4DFB-A66A-39D2E6B8050E}" = lport=5353 | protocol=17 | dir=in | name=456 | 

"{FA436BB3-7984-4556-8A00-3BE9CE5DF906}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0F5ACE2B-D7D9-4A26-9231-ADD06C646497}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 

"{1B713C3E-66D3-4C1B-8477-D77041E24D4B}" = protocol=17 | dir=in | app=d:\fabian\spiele\battlefield bad company 2\bfbc2updater.exe | 

"{23443DBE-4301-4AB3-A227-80C1296DA541}" = protocol=6 | dir=in | app=c:\program files (x86)\simplesyn 2.0\cbn.simplesyn.net.exe | 

"{26FEF112-ADE1-4E61-AF8B-D800696A6615}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{2F09DE54-865A-4F69-8B16-5BCBBE750179}" = protocol=6 | dir=in | app=d:\fabian\spiele\battlefield bad company 2\bfbc2updater.exe | 

"{31861CFA-5A30-466B-9A66-C31F6A858D03}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 

"{3430D390-B041-46A6-BF23-7356A9B4FF2D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{3D000AB0-75F0-4FF6-BF35-5476686B6778}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 

"{44DED4D0-7A20-4A3F-A487-A04E90F62BD5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 

"{4DB07B94-CBD2-40EE-B9C4-01B203D4DDFF}" = protocol=17 | dir=in | app=d:\fabian\anwendungen\itunes\itunes.exe | 

"{55475202-F165-4926-AAFD-242A802BF2C6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{6C5A1782-F8E8-4CA9-91CB-C38C74A10A94}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{79BF4F5B-CA00-4C93-B9E7-3B9EE8CDE64D}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 

"{81C99EB8-4904-442B-AC84-7D7A048E9064}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 

"{861DB8C6-07F5-4EF9-AC72-26CA61B3DB3F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{93366E7E-5A98-41F6-AE89-A5AA8270244A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{97840CDA-757C-46B6-A7F3-068D29E220F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{A2584B94-3AE2-4715-AE68-3EECE75FCA24}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 

"{B00FF054-53F5-4874-BA6B-412B6CEA6707}" = protocol=17 | dir=in | app=c:\program files (x86)\simplesyn 2.0\cbn.simplesyn.net.exe | 

"{B859E9AA-A92A-4B8C-954F-F82F4969003E}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 

"{C7E72AA0-F8DE-425E-97A6-955B043E59B1}" = protocol=6 | dir=in | app=d:\fabian\anwendungen\itunes\itunes.exe | 

"{CE0DF6A9-5D33-4DE8-99C9-44B59B8F8A19}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 

"{D0359988-FA3E-46F7-8D3C-297F6A3E00CD}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | 

"{D072BF93-AADD-48FC-84A9-E2FE7D12B255}" = protocol=6 | dir=in | app=d:\fabian\spiele\anno 1404\tools\addonweb.exe | 

"{D2284407-D7D4-4DA9-9B86-3899EB20AB45}" = protocol=17 | dir=in | app=d:\fabian\spiele\anno 1404\tools\addonweb.exe | 

"{D59A2BD6-6F57-4459-9ED3-C175800F88BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{D73FA54D-3F91-421F-869A-27144EEAE321}" = protocol=6 | dir=in | app=d:\fabian\spiele\anno 1404\addon.exe | 

"{DF5BAAB2-0F14-43DE-907E-AACC02C20203}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{E6886A61-1C78-47F0-BC21-B20E0186B914}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 

"{EAEA9DD4-F2C5-4B0E-94E4-99E1EBB3244F}" = protocol=17 | dir=in | app=d:\fabian\spiele\anno 1404\addon.exe | 

"{ED68F3ED-F835-4BFD-9008-FFF51C516297}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{EF1C47F8-BFC8-4C9A-A09C-DF48407908AE}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 

"TCP Query User{02315930-A515-4099-85CF-F3ABFEE437BE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 

"TCP Query User{03BC5143-3ABB-448B-821D-95B80564745C}D:\fabian\anwendungen\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\icq6.5\icq.exe | 

"TCP Query User{32C87561-CC1A-418C-A073-387B0DAAC212}D:\fabian\spiele\fifa10\fifa10.exe" = protocol=6 | dir=in | app=d:\fabian\spiele\fifa10\fifa10.exe | 

"TCP Query User{3FEEFEB0-17F1-4C0E-A282-C64F707CBB81}D:\fabian\anwendungen\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\sopcast\sopcast.exe | 

"TCP Query User{504CE358-CBE2-4FFD-9692-560B7A4E1370}D:\fabian\anwendungen\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\sopcast\adv\sopadver.exe | 

"TCP Query User{513CA2D7-C3D5-4A7D-B35A-AA5CA41549D1}D:\fabian\anwendungen\qip\qip.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\qip\qip.exe | 

"TCP Query User{58FD42F9-493F-4320-90D3-45BC0F16BFB8}D:\fabian\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\fabian\spiele\anno 1404\tools\anno4web.exe | 

"TCP Query User{59D0630F-9E9D-4163-8160-DEC385B6996E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 

"TCP Query User{66939F88-F494-41DD-91D7-9C3D8509F5A2}D:\fabian\anwendungen\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\sopcast\sopcast.exe | 

"TCP Query User{67CCB490-025A-4173-8887-E5B015C3D583}D:\fabian\anwendungen\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\icq6.5\icq.exe | 

"TCP Query User{7282F7DD-19E6-4D93-9B1D-E513D0E0DA6F}D:\fabian\spiele\call of duty 6 - modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\fabian\spiele\call of duty 6 - modern warfare 2\iw4mp.exe | 

"TCP Query User{7360F82E-5F5A-41A9-8CB4-A60FA7EFEA98}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 

"TCP Query User{80E7A565-4D33-4A88-AC11-26A2A8F6A3BD}D:\fabian\anwendungen\teamviewer4\teamviewer.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\teamviewer4\teamviewer.exe | 

"TCP Query User{A3AB9CBE-5556-44EB-A5E4-296CE84C0053}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 

"TCP Query User{ABAD5F73-20BA-4E25-AC6C-23ABF2440545}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 

"TCP Query User{B433CCC0-CB7F-4CFB-83F8-9AC8FCADEF88}D:\fabian\spiele\hawx\hawx_dx10.exe" = protocol=6 | dir=in | app=d:\fabian\spiele\hawx\hawx_dx10.exe | 

"TCP Query User{CBD0F552-CF8F-4EE0-B1C1-14A84764B6B0}D:\fabian\spiele\steam\steamapps\solar2000\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\fabian\spiele\steam\steamapps\solar2000\counter-strike source\hl2.exe | 

"TCP Query User{E1A5E573-6D7C-43C0-BA4B-5225A464BA19}D:\fabian\anwendungen\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\fabian\anwendungen\sopcast\adv\sopadver.exe | 

"UDP Query User{04B1D71C-BCD1-454C-BE8A-5317195E173F}D:\fabian\anwendungen\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\sopcast\sopcast.exe | 

"UDP Query User{0CBD975F-2F8D-4E14-A2BA-0C4A213D432B}D:\fabian\anwendungen\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\sopcast\adv\sopadver.exe | 

"UDP Query User{1478B3BE-EFCB-48B9-AA05-F5DBFED9666C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 

"UDP Query User{292AF600-91B6-4155-B63B-E41D3EF0E079}D:\fabian\spiele\call of duty 6 - modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\fabian\spiele\call of duty 6 - modern warfare 2\iw4mp.exe | 

"UDP Query User{331EDB71-6470-4E90-BA3A-1E98E192A103}D:\fabian\anwendungen\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\icq6.5\icq.exe | 

"UDP Query User{363CCD97-8AFA-4470-9117-11CFF6D17CDF}D:\fabian\anwendungen\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\sopcast\sopcast.exe | 

"UDP Query User{45C6EA9A-618E-4657-8C46-49A9E0197E9A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 

"UDP Query User{48400F43-D65A-4106-8BF2-DFF9FE182D35}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 

"UDP Query User{4A157591-46EF-4E0F-9247-6DC880BC6488}D:\fabian\anwendungen\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\icq6.5\icq.exe | 

"UDP Query User{4C184647-39BF-40BA-B23F-7DCF140A01C6}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 

"UDP Query User{6ECC23AF-A291-4BE1-8AEF-D17381856765}D:\fabian\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\fabian\spiele\anno 1404\tools\anno4web.exe | 

"UDP Query User{7B25BF0D-4597-4B5B-9A1C-16C4BF7A2570}D:\fabian\spiele\hawx\hawx_dx10.exe" = protocol=17 | dir=in | app=d:\fabian\spiele\hawx\hawx_dx10.exe | 

"UDP Query User{A870789E-AE19-467F-BF72-2A589A335650}D:\fabian\spiele\steam\steamapps\solar2000\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\fabian\spiele\steam\steamapps\solar2000\counter-strike source\hl2.exe | 

"UDP Query User{B124A813-7F4A-430C-B176-7F79778D2934}D:\fabian\spiele\fifa10\fifa10.exe" = protocol=17 | dir=in | app=d:\fabian\spiele\fifa10\fifa10.exe | 

"UDP Query User{B64847B0-8B3D-473C-8AD4-D31605E3ADD7}D:\fabian\anwendungen\qip\qip.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\qip\qip.exe | 

"UDP Query User{BD6B0061-2CC6-4E69-B475-C6FC9B7CFA03}D:\fabian\anwendungen\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\sopcast\adv\sopadver.exe | 

"UDP Query User{C901E89E-4DA0-4D30-9DB7-D018D505E4CC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 

"UDP Query User{D5E8A076-6E4F-4E53-9C1A-DED5D3596A61}D:\fabian\anwendungen\teamviewer4\teamviewer.exe" = protocol=17 | dir=in | app=d:\fabian\anwendungen\teamviewer4\teamviewer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"VistaGlazz_is1" = VistaGlazz 2.0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404

"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10

"{1F7C6BBA-4C5B-46C1-A20B-4EA961057B89}" = SimpleSYN 2.0

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16

"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404

"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3

"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch

"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3

"Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.1

"AVI MPEG RM WMV Splitter_is1" = AVI/MPEG/RM/WMV Splitter 4.28

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"EADM" = EA Download Manager

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30

"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2

"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10

"FUSSBALL MANAGER 10 DEMO" = FUSSBALL MANAGER 10 DEMO

"HaaliMkx" = Haali Media Splitter

"Hattrick Organizer" = Hattrick Organizer (remove only)

"HijackThis" = HijackThis 2.0.2

"KoolPlaya" = KoolPlaya

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"Rainmeter" = Rainmeter (remove only)

"RayV" = RayV

"RocketDock_is1" = RocketDock 1.3.5

"SopCast" = SopCast 3.2.4

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.0.2

"Xvid_is1" = Xvid 1.2.2 final uninstall

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"KoolPlaya" = KoolPlaya

"KoolPlayaX64" = KoolPlayaX64

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 09.04.2010 05:25:02 | Computer Name = PC6 | Source = LoadPerf | ID = 3011

Description = 

 

Error - 09.04.2010 05:37:31 | Computer Name = PC6 | Source = LoadPerf | ID = 3012

Description = 

 

Error - 09.04.2010 05:37:31 | Computer Name = PC6 | Source = LoadPerf | ID = 3012

Description = 

 

Error - 09.04.2010 05:37:31 | Computer Name = PC6 | Source = LoadPerf | ID = 3011

Description = 

 

Error - 09.04.2010 10:01:15 | Computer Name = PC6 | Source = LoadPerf | ID = 3012

Description = 

 

Error - 09.04.2010 10:01:15 | Computer Name = PC6 | Source = LoadPerf | ID = 3012

Description = 

 

Error - 09.04.2010 10:01:15 | Computer Name = PC6 | Source = LoadPerf | ID = 3011

Description = 

 

Error - 09.04.2010 10:45:58 | Computer Name = PC6 | Source = LoadPerf | ID = 3012

Description = 

 

Error - 09.04.2010 10:45:58 | Computer Name = PC6 | Source = LoadPerf | ID = 3012

Description = 

 

Error - 09.04.2010 10:45:58 | Computer Name = PC6 | Source = LoadPerf | ID = 3011

Description = 

 

[ System Events ]

Error - 09.04.2010 05:01:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7023

Description = 

 

Error - 09.04.2010 05:01:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 09.04.2010 05:01:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 09.04.2010 05:31:45 | Computer Name = PC6 | Source = Service Control Manager | ID = 7023

Description = 

 

Error - 09.04.2010 05:31:45 | Computer Name = PC6 | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 09.04.2010 05:31:45 | Computer Name = PC6 | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 09.04.2010 09:55:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7023

Description = 

 

Error - 09.04.2010 09:55:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 09.04.2010 09:55:26 | Computer Name = PC6 | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 09.04.2010 10:25:46 | Computer Name = PC6 | Source = BROWSER | ID = 8032

Description = 

 

 

< End of report >