Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I infected? My Internet is slow


  • This topic is locked This topic is locked
12 replies to this topic

#1 alexj.

alexj.

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 24 May 2010 - 03:19 PM

Since around 1 Week my Internet just doesent want to go to its limits on Server that offer always Full Speed so its not the Server so I madde a HijackThis Log maybe you guys know something :S

CODE
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:11:37, on 24.05.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
D:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
C:\Windows\SysWOW64\DannyHost.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
D:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe
D:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
D:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
D:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Users\Alex\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: The IP address should
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll
O4 - HKLM\..\Run: [DannyHost] "C:\Windows\SysWOW64\DannyHost.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [_winupdate.exe] C:\Users\Alex\AppData\Roaming\_winupdate.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Snagit 9.lnk = D:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files (x86)\ICQ6.5\ICQ.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - D:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VisualSVN Server (VisualSVNServer) - Apache Software Foundation - D:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13534 bytes


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:26 AM

Posted 26 May 2010 - 11:43 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 alexj.

alexj.
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 26 May 2010 - 12:16 PM

Well as i said up there the Problem is that my Internet is somehow pretty slow since around 2 Weeks. I dont have any Programs that I know about running in the Background and on my Laptop eveyrthing works with full speed.
Some days ago I ran a Avira Scan and it didnt find anything but I didnt perform any other Steps.

Here are the two Logs:

OTL.txt:


OTL logfile created on: 26.05.2010 19:06:18 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Alex\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 68,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,00 Gb Total Space | 13,22 Gb Free Space | 16,73% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 187,62 Gb Free Space | 32,02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 115,08 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MACHINEFROMHELL
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.26 19:05:14 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2010.05.03 18:16:12 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2010.05.03 18:16:12 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2010.05.02 23:21:54 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.05.02 23:21:46 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2010.05.02 23:21:44 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.05.02 23:21:43 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.05.02 23:21:42 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.04.27 13:43:48 | 000,611,840 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.04.03 13:12:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.16 13:16:58 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010.02.12 17:11:42 | 000,023,840 | ---- | M] (Apache Software Foundation) -- D:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
PRC - [2010.01.12 16:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- D:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.10.29 13:57:37 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009.10.29 13:57:29 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.10.24 13:07:00 | 000,039,424 | ---- | M] (Danny-PC) -- C:\Windows\SysWOW64\DannyHost.exe
PRC - [2009.10.08 15:31:41 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009.09.30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009.08.29 08:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.07.26 17:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.06.03 13:19:38 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009.06.03 13:14:24 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.04.17 13:08:00 | 000,053,064 | ---- | M] (TechSmith Corporation) -- D:\Program Files (x86)\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009.04.17 13:07:58 | 000,089,928 | ---- | M] (TechSmith Corporation) -- D:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009.04.17 13:07:56 | 008,824,648 | ---- | M] (TechSmith Corporation) -- D:\Program Files (x86)\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009.04.17 13:07:54 | 007,226,184 | ---- | M] (TechSmith Corporation) -- D:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.01.22 19:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2006.03.29 18:29:10 | 000,724,992 | ---- | M] (Eugene Roshal & FAR Group) -- D:\FarManager+JdFlasher Test6 add1 CID53\Far\Far.exe
PRC - [2003.03.19 01:55:56 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010.05.26 19:05:14 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
MOD - [2009.11.03 17:11:38 | 000,273,408 | ---- | M] (Danny-PC) -- C:\Windows\SysWOW64\DannyHelper.dll
MOD - [2009.07.14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.05.04 17:13:53 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.02.25 19:37:16 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV:64bit: - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV:64bit: - [2009.07.14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009.07.14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009.07.14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009.07.14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009.07.14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009.07.14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009.07.14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.07.14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009.07.14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009.07.14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009.07.14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009.07.14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009.07.14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009.07.14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009.05.04 17:47:36 | 000,809,984 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV:64bit: - [2008.07.29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2010.05.03 18:16:12 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010.05.02 23:21:54 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.02 23:21:46 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.05.02 23:21:44 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.05.02 23:21:43 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.04.27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.17 19:06:28 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.02.25 19:42:00 | 001,398,088 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.25 19:37:08 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.01.12 18:31:08 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.01.12 16:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.10.29 13:57:37 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009.10.29 13:57:29 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.10.12 18:33:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.10.08 15:31:41 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.09.12 18:10:04 | 000,891,848 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.09.12 00:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- D:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009.07.26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.22 19:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2003.03.19 01:55:56 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [1998.06.06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.05.07 11:16:46 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2010.05.02 23:22:05 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.05.02 23:22:04 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.02.26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.26 14:21:22 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.02.26 14:21:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010.01.08 17:32:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.11 12:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009.11.04 20:14:03 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.11.04 20:14:02 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.10.16 18:15:37 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.10.08 15:31:42 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2009.10.08 15:31:40 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2009.10.08 15:31:38 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2009.10.08 15:31:29 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009.09.26 08:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009.07.14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009.07.14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009.07.14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009.07.14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009.07.14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009.07.14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009.07.14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009.07.14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009.07.14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009.07.14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009.07.14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009.07.14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009.07.14 02:07:00 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) Bluetooth-Gerät (PAN)
DRV:64bit: - [2009.07.14 02:06:57 | 000,551,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2009.07.14 02:06:56 | 000,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
DRV:64bit: - [2009.07.14 02:06:53 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009.07.14 02:06:52 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2009.07.14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009.07.14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009.07.14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009.07.14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009.07.14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009.07.14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009.07.14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009.07.14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009.07.14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009.07.14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009.07.14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009.06.11 16:23:16 | 000,086,528 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2009.06.11 16:22:44 | 000,010,496 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtptser.sys -- (GTPTSER)
DRV:64bit: - [2009.06.11 16:22:30 | 000,130,048 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express) Intel®
DRV:64bit: - [2009.06.03 15:29:44 | 001,561,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009.06.03 15:29:32 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009.06.03 15:29:24 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009.06.03 15:29:14 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009.06.03 15:29:06 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009.06.03 15:28:56 | 000,685,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009.06.03 15:28:46 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009.06.03 15:28:36 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2009.06.03 15:28:36 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009.06.03 15:28:20 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2009.06.03 15:28:20 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009.06.03 15:28:12 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2009.06.03 15:28:12 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.06 10:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009.04.06 10:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2008.12.04 18:31:00 | 000,060,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2008.09.17 16:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.08.08 15:15:30 | 000,115,328 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008.02.05 01:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006.08.29 16:56:20 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prodigy.sys -- (PRODIGY)
DRV - [2010.04.25 20:18:16 | 000,000,000 | ---D | M] [File_System | Boot | Running] -- D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\FileInfo -- (FileInfo)
DRV - [2010.03.17 23:34:36 | 000,068,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2010.02.25 11:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.10.24 13:56:18 | 000,222,152 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.10.07 18:40:35 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009.07.14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 2F 77 CE 0F F2 CA 01 [binary data]
IE - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {35feb08b-ebb1-4f2b-a9a2-06d30d4536ba}:0.4
FF - prefs.js..extensions.enabledItems: ststusscicalc@sunny:4.9.2
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {da684c80-6ad7-4a95-80ec-959e8ab082fd}:1.9
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100415
FF - prefs.js..network.proxy.backup.ftp: "213.82.91.94"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "213.82.91.94"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "213.82.91.94"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "213.82.91.94"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "79.170.43.72"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "79.170.43.72"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "79.170.43.72"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "79.170.43.72"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "79.170.43.72"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Firefox\Extensions\\{10289AD8-241D-406C-8168-6508B4D257D6}: C:\Users\Alex\Desktop\Download Managers\Depositfiles Filemanager with FTP\Firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010.04.09 02:59:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.25 20:56:45 | 000,000,000 | ---D | M]

[2009.10.07 18:54:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2010.05.26 13:34:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions
[2010.03.26 22:30:07 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.05.13 00:24:30 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.05.13 00:24:30 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.04.28 07:16:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.07 18:55:56 | 000,000,000 | ---D | M] (rstoql) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{35feb08b-ebb1-4f2b-a9a2-06d30d4536ba}
[2009.10.07 18:55:56 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2010.05.16 20:41:59 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009.12.19 00:02:27 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.04.16 07:50:02 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010.04.13 22:51:54 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.02.11 08:45:02 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.05.09 15:45:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.01 08:16:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.13 07:56:31 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.05.22 23:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{da684c80-6ad7-4a95-80ec-959e8ab082fd}
[2010.05.16 20:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.04.11 14:07:38 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.10.07 18:55:57 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.02.24 07:52:11 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
[2010.01.14 01:10:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\allglassv2@ambroos.neowin.net
[2010.01.21 23:34:45 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\chromifox@altmusictv.com
[2010.05.07 19:25:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\firebug@software.joehewitt.com
[2010.01.21 23:34:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\foxdie_theme_blue_ocelot@foxdie.us
[2010.01.21 23:34:50 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\foxdie_theme_graphite_ocelot@foxdie.us
[2010.05.02 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\nasanightlaunch@example.com
[2010.04.13 22:51:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\personas@christopher.beard
[2010.05.22 23:13:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\staged-xpis
[2010.03.31 07:50:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\t8nfcvvq.default\extensions\ststusscicalc@sunny

O1 HOSTS File: ([2010.05.12 15:04:40 | 000,001,958 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: The IP address should
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 http://www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 21 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DannyHost] C:\Windows\SysWOW64\DannyHost.exe (Danny-PC)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001..\Run: [_winupdate.exe] C:\Users\Alex\AppData\Roaming\_winupdate.exe File not found
O4 - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.10 11:12:43 | 000,000,059 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0757dbb5-b360-11de-8188-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0757dbb5-b360-11de-8188-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0852c175-e8e7-11de-84ec-000b0d305a2e}\Shell - "" = AutoRun
O33 - MountPoints2\{0852c175-e8e7-11de-84ec-000b0d305a2e}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{17859797-fc6c-11de-a65c-000b0d305a2e}\Shell - "" = AutoRun
O33 - MountPoints2\{17859797-fc6c-11de-a65c-000b0d305a2e}\Shell\AutoRun\command - "" = 0
O33 - MountPoints2\{d161aad2-e817-11de-81f6-000b0d305a2e}\Shell - "" = AutoRun
O33 - MountPoints2\{d161aad2-e817-11de-81f6-000b0d305a2e}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{d161aad7-e817-11de-81f6-000b0d305a2e}\Shell - "" = AutoRun
O33 - MountPoints2\{d161aad7-e817-11de-81f6-000b0d305a2e}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e2daa501-b368-11de-9eee-000b0d305a2e}\Shell - "" = AutoRun
O33 - MountPoints2\{e2daa501-b368-11de-9eee-000b0d305a2e}\Shell\AutoRun\command - "" = N:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1481984512-2953908538-1399946397-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

MsConfig:64bit - StartUpFolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GlobeTrotter Connect.lnk - C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe - (Option)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DarkCoderSc - hkey= - key= - C:\Windows\SysWow64\DarkCoderSc.exe File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: DNS7reminder - hkey= - key= - D:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - D:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Server - hkey= - key= - C:\Users\Alex\AppData\Local\server.exe File not found
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - StartUpReg: win_update.exe - hkey= - key= - C:\Users\Alex\AppData\Roaming\win_update.exe File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {559BDDBF-D39C-DC42-4844-410864A97635} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {DF9856DE-84EA-8E82-06CC-739F82CD90E4} - Offline Browsing Pack
ActiveX:64bit: {DFBE53AC-D25A-45B7-0C13-1495C48A9BEF} - Offline Browsing Pack
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F534503B-AC52-5D9A-4C4F-97B802294B7D} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {F96ABFD8-8CBA-2803-E7AF-FDE11C86FEB1} - Offline Browsing Pack
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1YQ4XR07-WWNE-WCLU-IUKN-4WUQ31HWDHFN} - C:\Users\Alex\AppData\Roaming\wuauclt.exe
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - C:\Windows\SysNative\frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.26 19:05:14 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2010.05.25 22:26:14 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010.05.25 22:23:00 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010.05.25 22:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.05.24 22:08:51 | 002,979,840 | ---- | C] (Microsoft) -- C:\Users\Alex\Desktop\WinRar 3.93 Installer.exe
[2010.05.22 21:00:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\NFS SHIFT
[2010.05.22 17:18:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\NVIDIA
[2010.05.21 21:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2010.05.20 15:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger_Plus_Live_Germany
[2010.05.16 23:39:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Test Drive Unlimited
[2010.05.16 23:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Test Drive Unlimited
[2010.05.16 13:56:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010.05.16 03:35:23 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\scenetools Bot
[2010.05.16 00:22:34 | 000,716,800 | ---- | C] (Sysinternals) -- C:\Windows\SysNative\SysInternalsBluescreen.scr
[2010.05.16 00:11:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Children of the Nile
[2010.05.15 22:43:51 | 000,762,864 | ---- | C] (Red Gate Software Ltd ) -- C:\Users\Alex\Desktop\pInvoke VS addin.exe
[2010.05.15 19:24:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\Neuer Ordner (3)
[2010.05.12 16:23:32 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Webpanel
[2010.05.12 14:32:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Red_Gate_Software_Ltd
[2010.05.11 15:13:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Neuer Ordner
[2010.05.10 14:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Red Gate
[2010.05.09 02:59:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\PreEmptive Solutions
[2010.05.08 16:52:48 | 000,278,528 | ---- | C] (by sleepdaddy) -- C:\Users\Alex\Desktop\Yahoo_Creator.exe
[2010.05.08 16:22:17 | 002,112,789 | ---- | C] (www.sicheats.com) -- C:\Users\Alex\Desktop\Tom Clancy's Splinter Cell Conviction v1.0 + 7 Trainer.exe
[2010.05.08 00:10:58 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\storage
[2010.05.07 22:20:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Flight Simulator X-Dateien
[2010.05.07 22:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2010.05.07 17:16:09 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2010.05.07 00:07:49 | 000,012,800 | ---- | C] (Microsoft) -- C:\IconChange.exe
[2010.05.06 23:21:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\BRM Crypt 2.1.2
[2010.05.06 21:31:54 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2010.05.06 21:21:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Obfuscar_1.5.4
[2010.05.06 20:32:33 | 000,820,224 | ---- | C] (Daniel Pistelli) -- C:\Users\Alex\Desktop\RebelDotNET.exe
[2010.05.06 19:42:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Treiber
[2010.05.06 16:01:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Strike
[2010.05.06 14:34:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Stereoscopic Player
[2010.05.06 14:28:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Licenses
[2010.05.06 14:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DDD
[2010.05.05 15:38:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft FxCop
[2010.05.05 14:43:19 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Cinema 4D
[2010.05.05 14:05:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\MAXON
[2010.05.04 17:18:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\maya
[2010.05.04 17:13:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Autodesk Shared
[2010.05.04 17:11:58 | 000,000,000 | ---D | C] -- C:\Programme\Autodesk
[2010.05.04 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Autodesk
[2010.05.04 17:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010.05.04 13:04:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010.05.03 06:46:25 | 000,000,000 | ---D | C] -- C:\Programme\ComPlus Applications
[2010.05.02 22:30:27 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Simple
[2010.05.02 22:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Publish
[2010.05.02 22:01:56 | 000,000,000 | ---D | C] -- C:\Windows\msapps
[2010.05.02 20:05:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\SecurDisc Key Data
[2010.05.02 20:04:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Nero
[2010.05.02 20:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.05.02 20:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010.05.02 13:06:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Rat-Control
[2010.05.02 13:06:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Rat
[2010.05.01 12:35:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ArtinSoft
[2010.05.01 12:35:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Artinsoft
[2010.05.01 12:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ArtinSoft
[2010.04.30 19:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RonyaSoft CD DVD Label Maker
[2010.04.29 16:01:42 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.04.29 15:57:22 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.04.29 15:57:22 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.04.29 15:57:22 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.04.29 15:57:22 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.04.29 15:57:22 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.04.29 15:57:22 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.04.29 15:57:22 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.04.29 15:57:22 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.04.29 15:57:22 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.04.29 15:57:22 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.04.29 15:57:22 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.04.29 15:57:22 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.04.29 15:57:22 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.04.29 15:57:22 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.04.29 15:57:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.04.29 15:57:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.04.29 15:57:18 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.04.29 15:57:18 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.04.29 15:57:18 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.04.29 15:57:18 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.04.29 15:57:18 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.04.29 15:57:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.04.29 15:57:18 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.04.29 15:57:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.04.29 15:57:17 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.04.29 15:57:17 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.04.29 15:57:16 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.04.29 15:57:16 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.04.29 15:57:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.04.29 15:57:16 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.04.29 15:57:15 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010.04.29 15:57:12 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.04.29 15:57:12 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010.04.29 15:57:11 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.04.29 15:57:11 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.04.29 15:57:11 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.04.29 14:43:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Settlers7
[2010.04.28 07:58:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Stardock
[2010.04.28 07:14:25 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Scansoft
[2010.04.27 18:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.04.27 16:28:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Nuance
[2010.04.27 16:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2010.04.27 16:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2010.04.27 16:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2010.04.27 16:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2010.04.27 16:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009.06.03 13:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.26 19:07:43 | 012,058,624 | -HS- | M] () -- C:\Users\Alex\NTUSER.DAT
[2010.05.26 19:05:14 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2010.05.26 18:50:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.26 18:48:45 | 002,282,836 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.26 18:48:45 | 001,191,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.26 18:48:45 | 000,668,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.26 18:48:45 | 000,591,968 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.26 18:48:45 | 000,006,920 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.26 18:24:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1481984512-2953908538-1399946397-1001UA.job
[2010.05.26 16:50:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.26 12:31:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.05.26 12:27:50 | 005,051,984 | ---- | M] () -- C:\Users\Alex\Desktop\utp_universal_treiber_paket__sony_ericsson__by_grisu59964.exe
[2010.05.26 12:24:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1481984512-2953908538-1399946397-1001Core.job
[2010.05.26 03:00:13 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2010.05.25 22:46:55 | 000,019,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.25 22:46:55 | 000,019,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.25 22:26:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010.05.25 22:25:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.25 22:24:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.25 22:24:53 | 2095,529,983 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.25 22:24:52 | 000,230,692 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2010.05.25 22:24:08 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010.05.25 22:24:08 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010.05.25 22:24:08 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010.05.25 22:23:47 | 009,668,864 | -H-- | M] () -- C:\Users\Alex\AppData\Local\IconCache.db
[2010.05.25 22:22:12 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.05.24 16:46:40 | 000,000,185 | ---- | M] () -- C:\Windows\mdm.ini
[2010.05.23 00:55:15 | 000,000,514 | ---- | M] () -- C:\Windows\win.ini
[2010.05.22 23:02:40 | 000,002,693 | ---- | M] () -- C:\Users\Public\Desktop\Krypton Explorer.lnk
[2010.05.22 21:00:39 | 000,001,295 | ---- | M] () -- C:\Users\Alex\Desktop\Need for Speed SHIFT.lnk
[2010.05.22 01:49:06 | 069,061,195 | ---- | M] () -- C:\Users\Alex\Desktop\22052010044.mp4
[2010.05.20 07:17:29 | 002,998,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.20 00:24:04 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.05.20 00:24:04 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010.05.18 17:43:46 | 002,979,840 | ---- | M] (Microsoft) -- C:\Users\Alex\Desktop\WinRar 3.93 Installer.exe
[2010.05.18 14:06:38 | 000,014,014 | ---- | M] () -- C:\Users\Alex\Desktop\winrar.bmp
[2010.05.17 13:33:40 | 000,109,448 | ---- | M] () -- C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.17 02:00:14 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2010.05.16 23:32:50 | 000,000,973 | ---- | M] () -- C:\Users\Alex\Desktop\Test Drive Unlimited starten.lnk
[2010.05.16 03:01:40 | 000,003,275 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\SAS7_000.DAT
[2010.05.15 23:33:24 | 000,000,841 | ---- | M] () -- C:\Users\Alex\Desktop\KINDER DES NILS.lnk
[2010.05.11 16:34:35 | 000,008,012 | ---- | M] () -- C:\Pokemon Emerald # GBA.clt
[2010.05.11 16:25:18 | 000,008,012 | ---- | M] () -- C:\Pokemon Smaragd (D).clt
[2010.05.11 14:59:50 | 000,204,939 | ---- | M] () -- C:\Users\Alex\Documents\Wichtiges nach Systemneuaufsetzung.nbs
[2010.05.10 18:30:34 | 000,643,441 | ---- | M] () -- C:\Users\Alex\Desktop\10052010220.jpg
[2010.05.09 16:22:25 | 000,204,939 | ---- | M] () -- C:\Users\Alex\Documents\SecurDisc1_DVD.nbs
[2010.05.09 15:17:30 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\Fraps.lnk
[2010.05.09 03:08:30 | 000,012,086 | ---- | M] () -- C:\Users\Alex\Desktop\Nero 10.0.0.13200 Setup + Serial - War3.torrent
[2010.05.08 16:52:48 | 000,278,528 | ---- | M] (by sleepdaddy) -- C:\Users\Alex\Desktop\Yahoo_Creator.exe
[2010.05.08 16:22:11 | 001,188,910 | ---- | M] () -- C:\Users\Alex\Desktop\splinter_cell_conviction_plus_7_trainer.zip
[2010.05.08 16:16:36 | 000,001,094 | ---- | M] () -- C:\Users\Alex\Desktop\Splinter Cell - Convinction.lnk
[2010.05.08 12:01:21 | 060,286,727 | ---- | M] () -- C:\Users\Alex\Desktop\6av-8b-sigma.zip
[2010.05.08 11:32:28 | 000,013,179 | ---- | M] () -- C:\Users\Alex\Documents\Dein Nase bricht.docx
[2010.05.07 22:19:45 | 000,001,359 | ---- | M] () -- C:\Users\Alex\Desktop\fsx.exe - Verknüpfung.lnk
[2010.05.07 19:36:21 | 000,000,530 | ---- | M] () -- C:\Users\Alex\Desktop\Nero 10 Keygen - iLo.torrent
[2010.05.07 18:15:26 | 000,000,714 | ---- | M] () -- C:\Users\Alex\Desktop\JDownloader.lnk
[2010.05.07 17:42:28 | 000,000,648 | ---- | M] () -- C:\Users\Alex\Desktop\PantsOff.lnk
[2010.05.07 17:24:16 | 000,403,968 | ---- | M] () -- C:\Users\Alex\AppData\Local\_xx_server.exe
[2010.05.07 17:16:36 | 000,000,648 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010.05.07 16:55:50 | 000,010,240 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.07 00:06:51 | 000,012,800 | ---- | M] (Microsoft) -- C:\IconChange.exe
[2010.05.06 23:24:03 | 000,003,093 | ---- | M] () -- C:\Users\Alex\AppData\Local\keylog.dat
[2010.05.06 23:21:52 | 000,435,712 | ---- | M] () -- C:\release.exe
[2010.05.06 19:02:39 | 000,000,084 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010.05.06 18:15:34 | 000,061,440 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\wuauclt.exe
[2010.05.06 14:34:45 | 000,002,645 | ---- | M] () -- C:\Users\Public\Desktop\Stereoscopic Player.lnk
[2010.05.06 12:04:03 | 000,622,773 | ---- | M] () -- C:\Users\Alex\Desktop\ultimate_spreading.pdf
[2010.05.05 14:12:34 | 000,000,849 | ---- | M] () -- C:\Users\Alex\Desktop\CINEMA 4D 64 Bit.lnk
[2010.05.05 14:12:34 | 000,000,820 | ---- | M] () -- C:\Users\Alex\Desktop\CINEMA 4D.lnk
[2010.05.05 14:02:17 | 000,000,454 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.05.05 13:45:14 | 000,001,533 | ---- | M] () -- C:\Users\Alex\Desktop\iCam.zip
[2010.05.04 17:13:52 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Maya 2011 64-bit.lnk
[2010.05.03 18:16:12 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
[2010.05.03 18:16:12 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\srvany.exe
[2010.05.03 17:40:37 | 000,008,561 | ---- | M] () -- C:\Users\Alex\Desktop\tictactoe.bat
[2010.05.02 23:22:05 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.05.02 23:22:04 | 000,081,072 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.05.02 23:22:00 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Documents\HBEDV.KEY
[2010.05.02 22:08:03 | 000,035,840 | ---- | M] () -- C:\Windows\SysWow64\COMDLG32.oca
[2010.05.02 22:03:49 | 000,000,945 | ---- | M] () -- C:\Users\Alex\Desktop\Microsoft Visual C++ 6.0.lnk
[2010.05.02 22:03:46 | 000,000,869 | ---- | M] () -- C:\Users\Alex\Desktop\Microsoft Visual Basic 6.0.lnk
[2010.05.02 22:03:10 | 000,000,804 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.05.02 22:03:10 | 000,000,535 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010.05.02 22:02:35 | 000,001,273 | ---- | M] () -- C:\Windows\VB.INI
[2010.05.02 21:58:32 | 000,793,088 | ---- | M] () -- C:\Users\Alex\Desktop\Exe Pumper bei Snax03.exe
[2010.05.02 20:01:24 | 000,003,009 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.05.01 18:00:40 | 002,112,789 | ---- | M] (www.sicheats.com) -- C:\Users\Alex\Desktop\Tom Clancy's Splinter Cell Conviction v1.0 + 7 Trainer.exe
[2010.05.01 12:40:26 | 000,004,531 | ---- | M] () -- C:\Windows\SETUP.LST
[2010.05.01 12:40:26 | 000,000,315 | ---- | M] () -- C:\Windows\ST6UNST.001
[2010.05.01 12:36:54 | 000,000,315 | ---- | M] () -- C:\Windows\ST6UNST.000
[2010.04.30 20:20:57 | 000,000,604 | ---- | M] () -- C:\Users\Alex\Desktop\Die Siedler 7.lnk
[2010.04.30 19:43:57 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\RonyaSoft CD DVD Label Maker.lnk
[2010.04.27 22:13:58 | 000,000,183 | ---- | M] () -- C:\Users\Alex\Documents\egb.key
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.26 12:31:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.05.26 12:27:48 | 005,051,984 | ---- | C] () -- C:\Users\Alex\Desktop\utp_universal_treiber_paket__sony_ericsson__by_grisu59964.exe
[2010.05.25 22:26:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010.05.25 22:22:12 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.05.22 23:02:40 | 000,002,693 | ---- | C] () -- C:\Users\Public\Desktop\Krypton Explorer.lnk
[2010.05.22 21:00:39 | 000,001,295 | ---- | C] () -- C:\Users\Alex\Desktop\Need for Speed SHIFT.lnk
[2010.05.22 18:52:16 | 069,061,195 | ---- | C] () -- C:\Users\Alex\Desktop\22052010044.mp4
[2010.05.22 15:13:14 | 063,614,976 | ---- | C] () -- C:\Users\Alex\Desktop\KryptonSuite416.msi
[2010.05.18 14:06:38 | 000,014,014 | ---- | C] () -- C:\Users\Alex\Desktop\winrar.bmp
[2010.05.17 21:51:27 | 000,621,568 | ---- | C] () -- C:\Users\Alex\Desktop\TestDriveUnlimited-1.66A-Trn.exe
[2010.05.16 23:32:50 | 000,000,973 | ---- | C] () -- C:\Users\Alex\Desktop\Test Drive Unlimited starten.lnk
[2010.05.16 13:07:24 | 000,907,264 | ---- | C] () -- C:\Users\Alex\Desktop\md5summer.exe
[2010.05.16 03:01:40 | 000,003,275 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\SAS7_000.DAT
[2010.05.15 23:33:24 | 000,000,841 | ---- | C] () -- C:\Users\Alex\Desktop\KINDER DES NILS.lnk
[2010.05.15 21:08:57 | 000,643,441 | ---- | C] () -- C:\Users\Alex\Desktop\10052010220.jpg
[2010.05.11 16:34:35 | 000,008,012 | ---- | C] () -- C:\Pokemon Emerald # GBA.clt
[2010.05.11 15:59:31 | 000,008,012 | ---- | C] () -- C:\Pokemon Smaragd (D).clt
[2010.05.11 14:59:50 | 000,204,939 | ---- | C] () -- C:\Users\Alex\Documents\Wichtiges nach Systemneuaufsetzung.nbs
[2010.05.09 16:22:25 | 000,204,939 | ---- | C] () -- C:\Users\Alex\Documents\SecurDisc1_DVD.nbs
[2010.05.09 15:17:30 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\Fraps.lnk
[2010.05.09 03:08:30 | 000,012,086 | ---- | C] () -- C:\Users\Alex\Desktop\Nero 10.0.0.13200 Setup + Serial - War3.torrent
[2010.05.08 16:22:11 | 001,188,910 | ---- | C] () -- C:\Users\Alex\Desktop\splinter_cell_conviction_plus_7_trainer.zip
[2010.05.08 16:16:36 | 000,001,094 | ---- | C] () -- C:\Users\Alex\Desktop\Splinter Cell - Convinction.lnk
[2010.05.08 11:32:25 | 000,013,179 | ---- | C] () -- C:\Users\Alex\Documents\Dein Nase bricht.docx
[2010.05.08 11:28:36 | 060,286,727 | ---- | C] () -- C:\Users\Alex\Desktop\6av-8b-sigma.zip
[2010.05.07 22:19:45 | 000,001,359 | ---- | C] () -- C:\Users\Alex\Desktop\fsx.exe - Verknüpfung.lnk
[2010.05.07 18:15:26 | 000,000,714 | ---- | C] () -- C:\Users\Alex\Desktop\JDownloader.lnk
[2010.05.07 17:42:28 | 000,000,648 | ---- | C] () -- C:\Users\Alex\Desktop\PantsOff.lnk
[2010.05.07 17:29:23 | 000,000,530 | ---- | C] () -- C:\Users\Alex\Desktop\Nero 10 Keygen - iLo.torrent
[2010.05.07 17:16:36 | 000,000,648 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010.05.07 00:12:37 | 000,435,712 | ---- | C] () -- C:\release.exe
[2010.05.07 00:06:36 | 000,733,184 | ---- | C] () -- C:\BRMCrypt.exe
[2010.05.06 18:15:34 | 000,061,440 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\wuauclt.exe
[2010.05.06 14:40:51 | 597,602,897 | ---- | C] () -- C:\Users\Alex\Desktop\The Eye 1080p.wmv
[2010.05.06 14:34:45 | 000,002,645 | ---- | C] () -- C:\Users\Public\Desktop\Stereoscopic Player.lnk
[2010.05.06 12:04:03 | 000,622,773 | ---- | C] () -- C:\Users\Alex\Desktop\ultimate_spreading.pdf
[2010.05.05 23:52:06 | 000,793,088 | ---- | C] () -- C:\Users\Alex\Desktop\Exe Pumper bei Snax03.exe
[2010.05.05 19:53:20 | 000,403,968 | ---- | C] () -- C:\Users\Alex\AppData\Local\_xx_server.exe
[2010.05.05 14:12:34 | 000,000,849 | ---- | C] () -- C:\Users\Alex\Desktop\CINEMA 4D 64 Bit.lnk
[2010.05.05 14:12:34 | 000,000,820 | ---- | C] () -- C:\Users\Alex\Desktop\CINEMA 4D.lnk
[2010.05.05 13:45:14 | 000,001,533 | ---- | C] () -- C:\Users\Alex\Desktop\iCam.zip
[2010.05.04 17:13:52 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Maya 2011 64-bit.lnk
[2010.05.03 17:40:14 | 000,008,561 | ---- | C] () -- C:\Users\Alex\Desktop\tictactoe.bat
[2010.05.02 23:22:00 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Documents\HBEDV.KEY
[2010.05.02 22:08:03 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\COMDLG32.oca
[2010.05.02 22:03:49 | 000,000,945 | ---- | C] () -- C:\Users\Alex\Desktop\Microsoft Visual C++ 6.0.lnk
[2010.05.02 22:03:46 | 000,000,869 | ---- | C] () -- C:\Users\Alex\Desktop\Microsoft Visual Basic 6.0.lnk
[2010.05.02 22:03:19 | 000,000,185 | ---- | C] () -- C:\Windows\mdm.ini
[2010.05.02 20:01:24 | 000,003,009 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.05.01 12:40:26 | 000,000,315 | ---- | C] () -- C:\Windows\ST6UNST.001
[2010.05.01 12:36:54 | 002,060,751 | ---- | C] () -- C:\Windows\Visual Basic 6.0 Runtime und Controls.CAB
[2010.05.01 12:36:54 | 000,004,531 | ---- | C] () -- C:\Windows\SETUP.LST
[2010.05.01 12:36:54 | 000,000,315 | ---- | C] () -- C:\Windows\ST6UNST.000
[2010.04.30 20:20:57 | 000,000,604 | ---- | C] () -- C:\Users\Alex\Desktop\Die Siedler 7.lnk
[2010.04.30 19:43:57 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\RonyaSoft CD DVD Label Maker.lnk
[2010.04.27 22:13:58 | 000,000,183 | ---- | C] () -- C:\Users\Alex\Documents\egb.key
[2010.04.27 16:49:06 | 000,000,500 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2010.04.27 16:49:05 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2010.03.28 20:40:10 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.01.30 00:08:30 | 000,000,322 | ---- | C] () -- C:\Windows\WpePro_0delay.INI
[2010.01.25 18:28:07 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2010.01.12 18:30:40 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.01.12 18:30:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.01.02 00:27:10 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2010.01.02 00:27:10 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2009.11.15 16:19:35 | 000,007,168 | ---- | C] () -- C:\Windows\Messenger.dll
[2009.11.15 16:19:33 | 000,009,728 | ---- | C] () -- C:\Windows\IDM.dll
[2009.11.10 18:05:54 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.10.14 18:01:42 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.10.11 18:36:30 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\XenocodeHelper.dll
[2009.10.08 16:00:02 | 000,006,904 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.07 21:54:34 | 000,000,804 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.03 14:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.03 14:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.06.03 13:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.05.26 11:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL
[1998.05.18 00:00:00 | 000,014,017 | ---- | C] () -- C:\Windows\JAUTOEXP.INI
[1998.04.24 00:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009.08.16 12:41:16 | 000,733,184 | ---- | M] () -- C:\BRMCrypt.exe
[2010.05.07 00:06:51 | 000,012,800 | ---- | M] (Microsoft) -- C:\IconChange.exe
[2010.05.06 23:21:52 | 000,435,712 | ---- | M] () -- C:\release.exe


< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.08.29 08:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:F35A93AD
< End of report >

Extra.txt:

OTL Extras logfile created on: 26.05.2010 19:06:18 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Alex\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 68,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,00 Gb Total Space | 13,22 Gb Free Space | 16,73% Space Free | Partition Type: NTFS
Drive D: | 585,94 Gb Total Space | 187,62 Gb Free Space | 32,02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 115,08 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MACHINEFROMHELL
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.ini[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.ini [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_USERS\S-1-5-21-1481984512-2953908538-1399946397-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = D:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
"C:\Users\Alex\AppData\Roaming\wuauclt.exe" = C:\Users\Alex\AppData\Roaming\wuauclt.exe:*:Enabled:wuauclt -- ()
"D:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = D:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
"C:\Users\Alex\AppData\Roaming\wuauclt.exe" = C:\Users\Alex\AppData\Roaming\wuauclt.exe:*:Enabled:wuauclt -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{47374ACF-9023-40e7-9830-ECED0DCBC3DC}" = Autodesk Maya 2011 English Documentation 64-bit
"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = GlobeTrotter Connect
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{84BC87D4-0480-4E10-B15D-1E7886D55180}" = iTunes
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}" = Autodesk Maya 2011 64-bit
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0000-1000-0000000FF1CE}" = Microsoft Office Excel 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0000-1000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0000-1000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0000-1000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0048-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
"{975AC942-A4D1-42A1-98D4-6824E0393944}" = SmartAssembly 5
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EDC3D528-A5DC-4B28-A278-2E368BED1A81}" = GlobeTrotter Connect
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"MAXONA0B4C530" = CINEMA 4D 11.514
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.EXCEL" = Microsoft Excel 2010
"Office14.OUTLOOK" = Microsoft Outlook 2010
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.WORD" = Microsoft Word 2010
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
".NET Reactor" = .NET Reactor
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0508A4AD-2521-4600-B68E-7E472DB20847}" = PInvoke.net Visual Studio Add-In
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}" = Gothic III Release Update
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2123905D-DED2-4FCE-0184-7336F2B77111}" = Krypton Toolkit 4.1.6
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{244BED9C-B83C-41D2-818A-2BDEFFDF9783}" = ArtinSoft Visual Basic Upgrade Companion
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33078F29-6795-4EB0-A828-88C72AFB5D53}" = ComponentOne Studio for WinForms
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33C355C4-9B87-4254-B795-0A9CDAFFA53F}_is1" = DepositFiles FileManager with FTP 0.9.9.163
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37155929-A51F-4BAB-B141-50B341F3299C}" = Desperados 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148
"{3CB70B01-4BC8-4C0F-B28F-7C6E33F913CC}" = Gtk# for .Net 2.12.9
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46D9F3E8-2837-4F22-9437-22C507D0AD31}" = Telerik RadControls for WinForms Q3 2009
"{4846B060-07D9-4271-B963-7FC5A784235F}" = RAMDisk
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F8C2DEB-98D3-4C76-FF8E-7A9EC3D65167}" = Krypton Toolkit 4.0.0
"{51688BA4-1515-49D8-9BA6-903D29EEB03B}" = PowerCommands for Visual Studio 2008
"{51BCBF3F-EBDC-485F-9C27-64CFCC6CC0CE}" = VisualSVN Server 2.1.1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5492EC47-EADA-41FA-955F-5C0B488F1170}" = Tube Increaser
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5E299E6E-78B6-4D4D-9A44-907240E92CFD}" = Stereoscopic Player
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6732AE9F-CE1A-4DC7-A18D-A23CAA99724C}" = .NET Reactor
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD® Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis 3
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A94FC37E-7B91-482D-8273-8DEFDC2E30B3}_is1" = SQLRiP 3.7 Professional
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B17E235C-7A3B-4482-B650-21FFDE1D452E}" = Empire Earth III
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BAE7C947-985A-4D48-A8BC-DDBF6B811808}" = .NET Reactor Registration v4.0.0.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A31DDC-157A-4DD7-9B5C-C692A06F61FD}" = Prison Break
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAEC5558-EA4A-4829-A88B-C4AEECB5FAFE}" = Xenocode Postbuild 2010 for .NET
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB70D484-320C-4017-AE70-CE06C79F7449}" = DotNetBar for Windows Forms
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{E05B1C38-AE31-4146-8D47-E5E71BEB8D9E}" = Immortal Cities
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD7C6F8D-CDCB-4592-960B-DA3D65C8B851}" = {smartassembly}
"{FD9BBA53-5EB4-458E-B769-C22A88BE70EC}_is1" = hashcat GUI
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE42C2F7-5C27-4D4A-BF52-85BA564BD4E5}" = Xenocode Postbuild 2009 for .NET
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Counter-Strike: Source" = Counter-Strike: Source
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Cross Fire_is1" = Cross Fire En
"Crysis WARHEAD®" = Crysis WARHEAD®
"Crysis WARHEAD® Patch" = Crysis WARHEAD® Patch
"Desperados 1.0" = Desperados 1.0
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX-Setup
"email grabber_is1" = onl!ne email grabber professional 2.1.7
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Fraps" = Fraps (remove only)
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 1.1.0.12
"IBP11_is1" = IBP 11.5
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{E05B1C38-AE31-4146-8D47-E5E71BEB8D9E}" = Immortal Cities
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Legacy of Kain: Defiance" = Legacy of Kain: Defiance 1.1
"MAGIX Music Maker 16 Premium Download-Version D" = MAGIX Music Maker 16 Premium Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Miranda IM" = Miranda IM 0.8.11
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"Nmap" = Nmap 5.21
"No-IP.com DUC" = No-IP.com DUC (remove only)
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"NSS" = NSS (remove only)
"OpenAL" = OpenAL
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"PunkBusterSvc" = PunkBuster Services
"pyserial-py2.6" = Python 2.6 pyserial-2.4
"pywin32-py2.6" = Python 2.6 pywin32-214
"RapidSVN-0.12.0_is1" = RapidSVN-0.12.0
"RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 2.01
"RouterControl" = RouterControl 2.0
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"TeamViewer 5" = TeamViewer 5
"TrueCrypt" = TrueCrypt
"TuneUp Utilities" = TuneUp Utilities
"UseNeXT_is1" = UseNeXT
"uTorrent" = µTorrent
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.2
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1481984512-2953908538-1399946397-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.2.1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by alexj., 26 May 2010 - 12:18 PM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:26 AM

Posted 26 May 2010 - 02:14 PM

Hi,

please run a scan with Malwarebytes next:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 alexj.

alexj.
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 26 May 2010 - 05:37 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4146

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.05.2010 00:34:42
mbam-log-2010-05-27 (00-34-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 139380
Laufzeit: 3 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1yq4xr07-wwne-wclu-iukn-4wuq31hwdhfn} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Alex\AppData\Roaming\wuauclt.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1481984512-2953908538-1399946397-1001\$RVN38ZJ.exe (Trojan.Zeus) -> Quarantined and deleted successfully.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:26 AM

Posted 26 May 2010 - 06:02 PM

Hi,

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


How is your PC currently doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 alexj.

alexj.
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 26 May 2010 - 06:10 PM

It is used for sharing files with my friends (I am the Seeder). I dont download files from them...

Still the same the Speed hasent changed :S

Edited by alexj., 26 May 2010 - 06:11 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:26 AM

Posted 26 May 2010 - 06:17 PM

Could you please disable all your P2P programs and check how the internet speed is.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 alexj.

alexj.
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 26 May 2010 - 06:28 PM

QUOTE(myrti @ May 27 2010, 12:17 AM) View Post
Could you please disable all your P2P programs and check how the internet speed is.

regards myrti


I already did. It still stayed the same sad.gif

Edited by alexj., 26 May 2010 - 06:29 PM.


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:26 AM

Posted 28 May 2010 - 04:52 AM

Hi,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.


C:\Users\Alex\AppData\Local\_xx_server.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 alexj.

alexj.
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 28 May 2010 - 06:36 AM

http://www.virustotal.com/de/analisis/e453...b82e-1275046429

I deleted it, it didnt make any problems. After a restart it also wasent anymore there. But changing the Internet Speed it didnt. Lookslike i am going to have to reinstall Windows. I am losing around 300kb/s at the moment.

Edited by alexj., 28 May 2010 - 06:37 AM.


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:26 AM

Posted 30 May 2010 - 05:58 AM

Hi,

the infections was a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you want to clean, please provide a fresh log from OTL.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:26 AM

Posted 27 June 2010 - 04:23 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users