| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Internetprobleme. Ein Schädling oder falsche Einstellungen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.09.2012, 16:45
| #1 |
 |  Internetprobleme. Ein Schädling oder falsche Einstellungen? Hallo, Ich habe ein Internetproblem. Denn es funktioniert sogut wie garnicht mehr. Cache ist gelöscht. Bei anderen Browser besteht das gleiche Problem. Die Ladezeiten sind sehr lang. Meist kommt dann...."Die Website kann nicht angezeigt werden". Manchmal läd es die Seiten nicht richtig, wobei dann nicht alles angezeigt wird. Kaltstart hilft auch nicht. Meine Freundin geht ebenfalls über gleichen Router ins Internet. Da besteht das Problem nicht. Manchmal habe ich die Möglichkeit, den Router zurückzusetzen. Das funktioniert dann. Das kommt immer dann, wenn "Die Website kann nicht angeziegt werden". Dann klicke ich auf "Problem suchen" und bekomme die Meldung, das es mit den Netzwerkadapter oder Modem ein Problem gibt. Und unten stehen dann verschiedene Auswahlmöglichkeiten. Da klicke ich immer auf "LAN- Verbindung" zurücksetzen". Was ist denn da schon wieder los?! Vielen Dank im voraus. |
|
07.09.2012, 17:01
| #2 |
| /// Malware-holic   | Internetprobleme. Ein Schädling oder falsche Einstellungen? hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
07.09.2012, 18:04
| #3 |
| | Internetprobleme. Ein Schädling oder falsche Einstellungen? Ich hoffe, das ist so korrekt.
__________________OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.09.2012 18:34:49 - Run 1 OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Melanie\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19298) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 62,40% Memory free 6,09 Gb Paging File | 4,82 Gb Available in Paging File | 79,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 22,80 Gb Free Space | 15,81% Space Free | Partition Type: NTFS Drive D: | 144,15 Gb Total Space | 84,81 Gb Free Space | 58,83% Space Free | Partition Type: NTFS Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.07 18:31:33 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe PRC - [2012.08.09 02:38:14 | 003,414,680 | ---- | M] (Electronic Arts) -- C:\Program Files\Origin\Origin.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.16 15:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe PRC - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.04.22 13:50:44 | 000,174,120 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.04.22 13:50:36 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2012.04.22 13:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2012.02.02 19:41:44 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Melanie\AppData\Local\Temp\RtkBtMnt.exe PRC - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2010.08.25 20:03:02 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2010.08.10 16:10:58 | 002,349,776 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.25 05:40:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.14 17:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.05.08 02:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.30 19:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.03.05 11:56:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2007.03.27 12:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe ========== Modules (No Company Name) ========== MOD - [2012.09.07 17:30:58 | 000,052,736 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012.09.01 11:01:42 | 000,063,488 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.06.16 06:59:48 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012.06.15 17:02:27 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.15 17:02:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.16 15:45:56 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll MOD - [2012.05.16 15:45:40 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll MOD - [2012.05.16 15:45:40 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll MOD - [2012.05.16 15:45:38 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll MOD - [2012.05.16 15:45:36 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll MOD - [2012.05.16 15:45:36 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll MOD - [2012.05.16 15:45:34 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll MOD - [2012.05.16 15:45:34 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll MOD - [2012.05.16 15:45:32 | 008,506,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll MOD - [2012.05.16 15:45:32 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll MOD - [2012.05.16 15:45:30 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll MOD - [2012.05.16 15:45:30 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll MOD - [2012.05.16 15:45:28 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll MOD - [2012.05.16 15:45:22 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll MOD - [2012.05.16 15:45:22 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll MOD - [2012.05.16 15:45:20 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll MOD - [2012.05.16 15:44:54 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll MOD - [2012.05.16 15:44:16 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll MOD - [2012.05.16 13:46:28 | 000,391,056 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll MOD - [2012.05.16 13:46:28 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll MOD - [2012.05.16 13:45:30 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll MOD - [2012.05.13 19:29:31 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.05.13 17:28:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.13 08:37:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.13 08:36:54 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll MOD - [2012.05.13 08:36:01 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.13 08:35:39 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2010.01.22 15:13:30 | 000,323,160 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\winSkinD7R.bpl MOD - [2010.01.22 15:13:16 | 000,045,656 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl MOD - [2010.01.22 15:11:36 | 000,150,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\STFix.dll MOD - [2010.01.22 15:11:30 | 000,057,432 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\NtfsData.dll MOD - [2009.08.16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.05.14 17:05:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2008.05.07 20:06:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.05.07 20:06:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.05.07 20:06:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.04.30 16:00:02 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll MOD - [2008.04.04 03:00:58 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2007.09.11 11:12:08 | 000,475,136 | ---- | M] () -- C:\Program Files\Acer\Acer VCM\AcerControl.dll MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll ========== Services (SafeList) ========== SRV - [2012.08.15 16:42:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\Users\Melanie\AppData\Local\Temp\5776.sys -- (5776) DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012.01.17 20:04:28 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009.05.07 18:23:00 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09) DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.10 19:23:50 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Emdm.sys -- (SE2Emdm) DRV - [2006.11.10 19:23:48 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Emdfl.sys -- (SE2Emdfl) DRV - [2006.11.10 19:23:42 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Ebus.sys -- (SE2Ebus) DRV - [2002.07.17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Program Files\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 20 68 53 4C 41 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Program Files\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{33884283-6AFC-47E6-8E99-97A67428C427}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7_____de IE - HKCU\..\SearchScopes\{9E0543C7-01AB-4629-AADE-14618AE20644}: "URL" = hxxp://de.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=937811&p={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:5.30.4 FF - prefs.js..extensions.enabledAddons: OneClickDownload@OneClickDownload.com:1.0 FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100006 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Melanie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.20 18:28:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 02:20:22 | 000,000,000 | ---D | M] [2010.08.03 14:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Extensions [2012.08.03 12:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions [2011.02.11 17:02:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.04 16:48:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.03 12:41:41 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.01.20 19:33:03 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.12.23 20:27:02 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\engine@conduit.com [2012.08.03 12:40:27 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\OneClickDownload@OneClickDownload.com [2012.08.03 12:40:33 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\plugin@yontoo.com [2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\mozilla\firefox\profiles\uoiz31cn.default\searchplugins\conduit.xml [2012.01.20 18:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.09.01 10:30:07 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (TranslatorBar 1.2 Toolbar) - {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Program Files\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (TranslatorBar 1.2 Toolbar) - {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Program Files\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (TranslatorBar 1.2 Toolbar) - {548F6736-8FE4-4680-82F2-170D6C07E1D2} - C:\Program Files\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Melanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Melanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E811D30-5B9D-459A-9418-1DAB9B194607}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C83C2E58-E41D-4A49-AB9B-A0B62AE8C939}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Melanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.8087520392255758.exe.lnk - - File not found MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - File not found MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.07 18:31:31 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe [2012.09.05 16:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.09.05 03:01:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.05 03:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.05 03:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.01 11:00:59 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\SUPERAntiSpyware.com [2012.09.01 11:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.09.01 11:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware ========== Files - Modified Within 30 Days ========== [2012.09.07 18:42:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.07 18:33:59 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.07 18:31:33 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe [2012.09.07 17:30:36 | 000,002,299 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\acervcmtmp.ini [2012.09.07 17:30:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.09.07 17:30:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.07 17:30:22 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job [2012.09.07 17:30:13 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 17:30:13 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 17:30:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.07 17:30:05 | 3146,633,216 | -HS- | M] () -- C:\hiberfil.sys [2012.09.07 17:15:44 | 000,194,749 | ---- | M] () -- C:\Users\Melanie\Desktop\Unbenannt.jpg [2012.09.02 10:22:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.09.01 10:30:07 | 000,000,761 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.08.19 16:40:09 | 000,000,000 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\FileOut.cns [2012.08.19 16:40:09 | 000,000,000 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\FileIn.cns [2012.08.16 02:17:58 | 003,682,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.12 18:15:50 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.12 18:15:50 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.12 18:15:50 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.12 18:15:50 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012.09.07 17:15:44 | 000,194,749 | ---- | C] () -- C:\Users\Melanie\Desktop\Unbenannt.jpg [2011.03.22 16:52:49 | 000,000,312 | ---- | C] () -- C:\Windows\Demex.INI [2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011.01.26 17:57:21 | 000,009,063 | ---- | C] () -- C:\Users\Melanie\.recently-used.xbel [2011.01.21 15:52:42 | 000,096,346 | ---- | C] () -- C:\Program Files\Viktigt om Photoshop CS5.pdf [2011.01.21 15:52:42 | 000,092,906 | ---- | C] () -- C:\Program Files\Photoshop CS5 - Bitte lesen.pdf [2011.01.21 15:52:42 | 000,086,075 | ---- | C] () -- C:\Program Files\Photoshop CS5 — Lisez-moi.pdf [2011.01.21 15:52:42 | 000,085,584 | ---- | C] () -- C:\Program Files\Léame de Photoshop CS5.pdf [2011.01.21 15:52:42 | 000,079,176 | ---- | C] () -- C:\Program Files\Photoshop CS5 - Lueminut.pdf [2011.01.21 15:52:42 | 000,079,067 | ---- | C] () -- C:\Program Files\Vigtigt-fil til Photoshop CS5.pdf [2011.01.21 15:52:42 | 000,078,485 | ---- | C] () -- C:\Program Files\Viktig om Photoshop CS5.pdf [2011.01.21 15:52:41 | 000,096,852 | ---- | C] () -- C:\Program Files\Leia-me do Photoshop CS5.pdf [2011.01.21 15:52:41 | 000,086,462 | ---- | C] () -- C:\Program Files\Lees mij voor Photoshop CS5.pdf [2011.01.21 15:52:41 | 000,085,462 | ---- | C] () -- C:\Program Files\Leggimi di Photoshop CS5.pdf [2010.10.06 16:53:05 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.10.04 09:59:30 | 000,000,052 | ---- | C] () -- C:\Windows\wininit.ini [2010.10.02 07:23:54 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.09.29 11:32:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2010.09.29 11:32:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2010.09.28 09:06:14 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi [2010.08.28 00:47:58 | 000,002,299 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\acervcmtmp.ini [2010.02.24 12:57:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.01.23 14:50:06 | 000,007,052 | ---- | C] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat [2009.11.01 16:35:56 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\FileOut.cns [2009.11.01 16:35:56 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\FileIn.cns [2008.10.05 00:05:18 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\wklnhst.dat [2008.10.04 21:55:48 | 000,102,912 | ---- | C] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.04 16:31:59 | 000,000,669 | ---- | C] () -- C:\Users\Melanie\Sample Pictures.lnk ========== LOP Check ========== [2008.10.08 18:17:35 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Acer [2008.05.07 20:02:23 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Acer GameZone Console [2010.09.09 16:18:04 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\ASCOMP Software [2010.09.30 09:07:26 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Axfeoh [2008.10.12 20:08:34 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Big Fish Games [2012.01.17 20:18:46 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Canneverbe Limited [2011.01.21 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009.11.03 16:13:09 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\DAEMON Tools Pro [2012.03.10 17:04:21 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\DVDVideoSoft [2011.08.21 17:11:18 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.22 14:55:54 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\EAC [2008.10.04 20:47:32 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\eSobi [2008.10.10 18:12:11 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\FloodLightGames [2008.10.15 23:19:55 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Gaijin Ent [2008.10.10 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Gearbox Software [2010.12.27 21:57:58 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\GetRightToGo [2012.01.20 18:43:41 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\GHISLER [2011.01.25 14:35:44 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\gtk-2.0 [2010.12.15 11:28:37 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\ICQ [2010.10.12 06:22:34 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\IObit [2008.10.13 19:37:42 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\iWin [2011.03.16 15:56:19 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Jasc [2010.05.09 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\MAGIX [2012.03.25 13:18:11 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Nokia [2012.03.25 13:18:12 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Nokia Suite [2012.08.09 02:40:01 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Origin [2011.09.02 17:23:20 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\PC Suite [2012.01.17 15:17:32 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\PhotoFiltre [2008.10.11 23:33:04 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\PlayFirst [2012.03.11 11:22:29 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Systweak [2009.12.21 09:29:22 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\temp [2008.10.05 00:05:56 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Template [2011.01.09 23:35:27 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\TubeBox [2010.03.12 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\TuneUp Software [2010.09.14 12:46:21 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\UDC Profiles [2010.03.15 12:20:46 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Uniblue [2010.09.29 11:49:10 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Yqmii [2012.09.07 17:30:22 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job [2012.09.07 17:29:23 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.01.18 22:13:28 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.10.04 13:05:22 | 000,000,000 | ---D | M] -- C:\Acer [2011.12.24 15:46:36 | 000,000,000 | ---D | M] -- C:\ActivityChanger [2008.09.10 18:43:54 | 000,000,000 | ---D | M] -- C:\Book [2009.07.27 22:07:07 | 000,000,000 | ---D | M] -- C:\Boot [2010.12.08 16:45:31 | 000,000,000 | ---D | M] -- C:\CabMakerFiles [2009.05.18 12:41:45 | 000,000,000 | ---D | M] -- C:\CDHOME [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.10.04 16:27:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.06.30 18:04:13 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2010.09.06 20:53:33 | 000,000,000 | ---D | M] -- C:\EGIS_Drive [2008.10.04 16:35:54 | 000,000,000 | ---D | M] -- C:\Elements [2012.07.22 19:06:36 | 000,000,000 | ---D | M] -- C:\engine [2008.04.30 09:21:30 | 000,000,000 | ---D | M] -- C:\Intel [2008.05.07 19:46:17 | 000,000,000 | R--D | M] -- C:\MSOCache [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.09.05 03:01:20 | 000,000,000 | ---D | M] -- C:\Program Files [2012.09.01 10:59:52 | 000,000,000 | ---D | M] -- C:\ProgramData [2008.10.04 16:27:30 | 000,000,000 | -HSD | M] -- C:\Programme [2012.02.01 21:00:24 | 000,000,000 | R--D | M] -- C:\Sandbox [2011.01.24 23:04:09 | 000,000,000 | ---D | M] -- C:\SETUP [2012.07.22 19:06:36 | 000,000,000 | -H-D | M] -- C:\SETUP.1 [2012.07.22 19:09:43 | 000,000,000 | -H-D | M] -- C:\SETUP.2 [2012.08.03 23:06:01 | 000,000,000 | -H-D | M] -- C:\SETUP.3 [2012.09.07 18:43:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.08.19 16:40:24 | 000,000,000 | ---D | M] -- C:\Train Store [2010.08.16 04:36:42 | 000,000,000 | R--D | M] -- C:\Users [2012.07.08 10:00:49 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\agp440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.09.10 18:44:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.09.10 18:44:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.09.10 18:44:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2011.12.24 18:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.01.26 17:57:21 | 000,009,063 | ---- | M] () -- C:\Users\Melanie\.recently-used.xbel [2012.09.07 18:34:52 | 006,029,312 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat [2012.09.07 18:34:52 | 000,262,144 | ---- | M] () -- C:\Users\Melanie\ntuser.dat.LOG1 [2010.08.24 13:25:56 | 000,262,144 | ---- | M] () -- C:\Users\Melanie\ntuser.dat.LOG2 [2012.09.07 17:29:21 | 000,065,536 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{37f50bb9-ee82-11e0-a4e4-001d72c6155e}.TM.blf [2012.09.07 17:29:21 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{37f50bb9-ee82-11e0-a4e4-001d72c6155e}.TMContainer00000000000000000001.regtrans-ms [2011.10.04 23:05:42 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{37f50bb9-ee82-11e0-a4e4-001d72c6155e}.TMContainer00000000000000000002.regtrans-ms [2010.05.29 08:32:40 | 000,065,536 | -HS- | M] () -- C:\Users\Melanie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.29 08:32:40 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2008.10.04 16:31:01 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.10.04 14:31:47 | 000,065,536 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{59c42f6b-cef9-11df-893a-001d72c6155e}.TM.blf [2011.10.04 14:31:47 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{59c42f6b-cef9-11df-893a-001d72c6155e}.TMContainer00000000000000000001.regtrans-ms [2010.10.03 21:08:07 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{59c42f6b-cef9-11df-893a-001d72c6155e}.TMContainer00000000000000000002.regtrans-ms [2010.10.03 15:57:08 | 000,065,536 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{86966b68-6af0-11df-adb2-001d72c6155e}.TM.blf [2010.10.03 15:57:08 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{86966b68-6af0-11df-adb2-001d72c6155e}.TMContainer00000000000000000001.regtrans-ms [2010.05.29 09:06:59 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{86966b68-6af0-11df-adb2-001d72c6155e}.TMContainer00000000000000000002.regtrans-ms [2010.05.29 08:52:41 | 000,065,536 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{edb220e7-6aec-11df-b273-001d72c6155e}.TM.blf [2010.05.29 08:52:41 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{edb220e7-6aec-11df-b273-001d72c6155e}.TMContainer00000000000000000001.regtrans-ms [2010.05.29 08:41:10 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{edb220e7-6aec-11df-b273-001d72c6155e}.TMContainer00000000000000000002.regtrans-ms [2008.10.04 16:31:01 | 000,000,020 | -HS- | M] () -- C:\Users\Melanie\ntuser.ini [2008.10.04 16:31:59 | 000,000,669 | ---- | M] () -- C:\Users\Melanie\Sample Pictures.lnk < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.09.2012 18:34:49 - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 62,40% Memory free
6,09 Gb Paging File | 4,82 Gb Available in Paging File | 79,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 22,80 Gb Free Space | 15,81% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 84,81 Gb Free Space | 58,83% Space Free | Partition Type: NTFS
Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E11437-59C8-4EB0-8D5E-283C8F05EF4A}" = rport=137 | protocol=17 | dir=out | app=system |
"{0C00CD96-E916-4407-BCF7-6DECD3A82C64}" = lport=139 | protocol=6 | dir=in | app=system |
"{2882D68C-FC26-4BAF-A42C-E9D0ED988E14}" = rport=139 | protocol=6 | dir=out | app=system |
"{4A032908-2B58-4F81-A93F-0620ECA91478}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E510D95-42BD-41D0-B666-AD5F613957FF}" = rport=445 | protocol=6 | dir=out | app=system |
"{643AD0F3-9D35-4525-90C0-010A7D263420}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{784E2A77-F00D-4E1D-8586-22B145D9F9A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8651D672-111F-40A6-B800-1BFFF5CB1262}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8C2D4A10-B6A1-4610-9D38-E2943BBDB40D}" = lport=137 | protocol=17 | dir=in | app=system |
"{945B0167-FF4B-49F6-9265-2B97CF4E0E1A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A15E0144-73F5-4F5A-90D0-D7514147F6DA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A364324E-B2E1-4000-A07D-D68078E2DB39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA9759AB-2735-4130-BA21-CA934597F217}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B0CCEC36-0F68-4200-9333-07ABDC9E6849}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B3743900-03CE-48DB-AB35-E7E997A036C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBCB0133-12F2-49E1-8A9E-C87374CF6097}" = lport=445 | protocol=6 | dir=in | app=system |
"{C0849094-A269-43F7-A514-8A8C66D993C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CD6B8795-BB01-401C-A467-E540D3C6F34B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D079FD0A-2E5D-4340-ADF7-EF1DF81D13CB}" = lport=138 | protocol=17 | dir=in | app=system |
"{FDF55BDF-09D1-404F-8550-43F21FB73820}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046CAE90-41BD-4DFF-9F66-69CBDABEA0DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0515AB49-D391-4A91-8DAF-53C4D3C2F355}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{057C4092-4B25-4539-939B-63111302ADC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{07AB2621-6363-4FD4-A967-F8B970F0F8E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0AA0CB6D-250A-497E-896F-CC4E0E01269B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E42E275-4EDB-4BE4-9107-69835DD8382A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1078D01E-5551-4BBA-B6D4-0A4CB6DB4C87}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{13B1B061-F775-40F5-BC17-822DAEDA0C4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18F13C8A-2F99-4689-A939-5F2BEEEE4676}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B31B917-3FB6-4893-AEFB-86D65F402F3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F4BF65C-AD70-4820-A638-34912EDC82B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{201477B6-A117-44F3-A075-F09B1F3E8CC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2865EE00-F211-4AD9-849A-446E836A2CE9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2AEE8DF9-D92E-45A7-A7CA-60478A153D76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2BD739EF-A368-40D8-8694-38C445AFF41E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2BEC0200-4362-4359-8DA8-1E235BD7E646}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2CDCF5F8-6BE7-4195-B77A-DBE6DC9C8B00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D6C587F-53A7-41DA-A284-844F79B44E52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2DB9864A-7249-4E0B-9B05-84DF35F6E304}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2E12FE3B-F0BF-4E1B-875B-01449643E220}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E39948B-3696-4D57-A6BE-DC4061598B5E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F95D4F7-1A70-4609-8797-1F4695C71702}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30B1BB7C-47DA-409F-9A46-272821AD65E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31A2002C-2D07-4788-A180-D1FB7DF92E6E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{31EE60CF-0E6A-4F5E-A2B9-23EE956A20DA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{32C776B1-88B3-498B-BDDD-382E5DA221A5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{34F8E6F2-3633-4471-8D44-EA6DD247C4BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{357157BD-043D-4229-97C7-6BEABC42647F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36D901B5-EADB-4255-A267-C76D8598AC78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{381AAF77-5325-44C7-BBDF-1F1A67E76AC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3867FFCB-159C-405B-AB2E-64EEAB55BD47}" = protocol=6 | dir=in | app=c:\gamigo\snowboundonline\run.exe |
"{38FE7F86-9D6B-43F3-A7D0-D452EB973705}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39543FCA-E84E-4C40-BDBD-3AD976759DFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F191BD8-E698-460A-8E8B-39B1F3923758}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F2A30C2-D1C1-41BB-9EFC-ED567874373F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{405CF252-7C68-4DA7-BF60-4350E324D3AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40F6633E-C7F1-4B60-A140-293DB36D74F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{473D0EBB-ED72-4BCD-9868-A12242E9F7ED}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4CBED2F2-E9DE-4B1F-A436-742C6E9F4A6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D013F74-3C09-499E-9EE2-04EC2B33842C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E03B8D7-3820-4ABB-B0FD-3C8D279BE0B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E68C5A0-5745-45E5-9D6F-310383B088EA}" = protocol=17 | dir=in | app=e:\libneap.dll |
"{5042E790-1744-4447-AD2D-8B89F17ADD43}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5426B4D8-11C5-4418-B531-70355A855A0D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{54D9BC0D-F3EC-4491-988E-72FDCF6C729F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5AD711F2-CD42-429E-818E-E2A72FAD3FF2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{5EB66F48-0DF4-49AE-8897-76AEDA2FA512}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F445A37-1343-4DEB-A2C3-B705E4382C35}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5F5DE20E-E07B-41C8-941A-1DA578BE3076}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{623F3F0C-96E3-4507-BC2C-6751D634CA79}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63D7495B-9C2F-4C95-8ADD-8A62782781D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{663E24DB-746F-4613-A025-711B5352DF9A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6698C2B0-0C8C-4BB4-AC2D-76CBD39FA84B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66EB64F4-4600-4C86-B478-2BC2E528FDAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{686C827B-3F1E-4B91-834A-B92FBE144655}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{69E15D11-2F91-4A1A-BA60-6DFB87DF6DBE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C6D270D-9A2E-495B-B7B3-20CCAC190787}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CAD8071-31AD-4DBA-B819-2FEE6DD0200E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CD629A3-AF4A-4EE4-B3DB-759E3ED6EEA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D9FF4BA-8651-4AE4-A762-9D7549032A22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{700FF7C9-0677-496A-84D5-E6EAB672A274}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7342C6A4-8AC8-4854-A52A-E52D09D484B0}" = protocol=17 | dir=in | app=e:\alicesetup.exe |
"{74BEE852-5C5F-4F60-9C63-6033F6513F06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{769C3A4E-BB2D-46C0-967C-0602B83F3261}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C0A7420-F5A9-4FB3-A313-79B5B5F94228}" = protocol=6 | dir=in | app=e:\libneap.dll |
"{7EC7D901-F7A4-4E8A-8BEF-B0AA9FB84F81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{831C7BC7-8A7C-4A3C-87B6-879B810A3C49}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A242C81-33AC-4B6C-9D23-50A4360AC30C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8AF0D93E-83E2-460D-B674-27487D45D47D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B2B9469-10B8-4B65-9139-D84FB2585854}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B3488E5-E66D-4C64-A6D6-400D01F097BA}" = protocol=17 | dir=in | app=e:\dwizard615.exe |
"{8FA528E3-1568-4DB4-A8C2-CC941BA9335F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{912C173F-76FA-43A2-9A1B-1217ADBCA054}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{92199FC9-675B-41DD-A674-A697D6DF84FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E00047A-456B-4324-9237-5B8996187512}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A14FF724-1692-4982-9999-8DDA3BD64CF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7898854-4855-42AD-A680-595A87E9CCC5}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{A7F136AA-66E0-4782-AD73-4100136243C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABE5CFA9-8510-4F6C-A17F-FA7AF7F79FBF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B395FF55-052E-4511-8AE5-4C79FF3318CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5195AB3-74D6-41FD-AC3E-F13518F4641A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5278D6D-EE48-44EB-B951-DB858009BB11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B7750CF6-AD6A-4023-B1F8-4AFF7CC5C0E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B77F9E97-92E6-4165-8073-C25B985F7ABA}" = protocol=17 | dir=in | app=c:\gamigo\snowboundonline\run.exe |
"{C120845B-15ED-4155-878E-ABE812208B34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9D8324F-BD4A-44D3-AA49-2B99BC9E5492}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CAE458B9-6B41-469F-81C2-009550143045}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD04A254-A2E8-4ADB-96D2-91074CD83499}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D4B234B0-B109-4106-8A6F-C16FC6F18713}" = protocol=6 | dir=in | app=e:\dwizard615.exe |
"{D5CB2415-F15F-4148-88D8-73081C54F0D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D72A2A13-2176-4554-B5AB-EC4DCC6F27CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D89BC81B-F048-4FFE-A0FC-7F79DCDDF241}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBF97DF8-19E3-4347-9A10-EBB5EAE7D1D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC5A5504-5DBC-44E1-9F93-576CA513434C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DFCE3B1E-5608-4F48-9692-11E4FE1FB82D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E7626F63-126B-4076-888F-8285C87924CA}" = protocol=6 | dir=in | app=e:\alicesetup.exe |
"{E951B1DB-74A9-4390-A214-B7CC94EA1A66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9BB441F-C6F6-4FBD-A10D-C7B17E32BEB5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9D31E29-0BE1-4F04-8955-5B8661B6F271}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF1AB119-742C-45F6-BED3-EA5389E9DED8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF8F2DCF-6C91-4317-9FFF-5F6773A7FD87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F25B8834-D667-4269-B7F7-932B44911059}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F36386E8-22AB-4180-8CBF-8A7BB14BD68D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F39D629A-C59F-4EFE-8701-1FB8572EA983}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F85931DE-2FCE-4B1D-9202-52E3324F2007}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F96C5476-AEE3-4280-A7D4-5953188EFA71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE697784-DB62-446A-86D7-34C40E65ABAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{055B05DE-1E25-4A6B-8709-0BE0281B1ABA}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"TCP Query User{0A04BDCF-CCDA-4B29-B6B4-20626F0EA5B5}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe |
"TCP Query User{0C6EA673-AC9D-4728-9464-25CB86BAB5E6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{1C1B8E93-0AA3-4E7D-9AA6-14B67FFBE5CB}C:\program files\ea sports\fussball manager 12\online\fmonline.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 12\online\fmonline.exe |
"TCP Query User{2986400D-C5D6-486C-9ADD-CDE44E75D3ED}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{3574FA08-1F87-4ED2-B8DC-3A7BEFF021B0}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe |
"TCP Query User{388744BD-3526-4412-A4BB-1109BFC29F0C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4BF1F50E-E8AF-4079-BEEA-27C2A6AC8D50}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{5205D070-46C7-4622-93F9-779667C051B3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{5D15C7B8-CFA4-431B-A682-A9D23FB00D13}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A4685A39-4761-488F-AEEE-68E338D03644}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe |
"TCP Query User{AFBF6A7F-2DA6-4B8C-8BA9-EBE64DECE3BE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C51BCCDF-F365-4BC2-8947-AAEF7392B2E1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D0F63E59-D865-4AEC-A6F3-08F091D0B961}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{D1E9BC05-4850-4BB1-B835-17DF2AE04E0B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{D38BC35D-90EE-4754-B32B-096C4A1969F4}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{E13B0C81-C9EF-4B9B-9963-FBD520A40C5A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{E79382BD-A4B3-499A-802B-41D15751A6B6}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe |
"TCP Query User{ED6ED9CC-F340-4574-B49C-5677008F52D1}C:\program files\ea sports\fussball manager 12\online\fmonline.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 12\online\fmonline.exe |
"TCP Query User{EF2FA0ED-34D2-4BE7-ADB8-52F4E8BB7BF4}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{0894D49F-80BA-4011-A4BB-59E5B5CB123C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{10E6197C-C817-425D-91E3-5D4A08621E48}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{24872BAB-B28E-4869-ABE8-6489FF03852D}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{431C4731-6139-48D2-B95C-CB789E8D1C48}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4483AA06-2F55-4DFC-99EA-9D0870834E90}C:\program files\ea sports\fussball manager 12\online\fmonline.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 12\online\fmonline.exe |
"UDP Query User{54B5A8BF-7CE4-41F3-B3CD-51C0929F8BD8}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe |
"UDP Query User{5763FB3E-FBCE-4FE8-A52D-332677094EA9}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe |
"UDP Query User{72E33DF3-3CB6-433E-B53C-58D83282A470}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{7BC4F64D-A858-406E-B76E-880D79090B7C}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{9410DC36-2531-4B37-AC81-84863F76C926}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe |
"UDP Query User{9A4E1845-1B11-4175-BDA4-BF598D1120CC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A3692EF5-D088-49D7-A6E2-4804785699FB}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{A588C00C-4B09-490C-8964-EFECC2E58D34}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{AFC28250-7B0E-469F-BD9F-492205F76473}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{C64DF1BC-7E98-462E-BF9C-3ACFF3AA619A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{C8DA22EB-058E-495F-91A8-B87E94B7B5C9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{CA796A13-5E4C-43B8-BCCD-510B80B436E6}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe |
"UDP Query User{D3A5978F-824B-4DC7-B810-DC2C7DF357F1}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{EEADDAED-B901-42C6-8941-63F704AC288E}C:\program files\ea sports\fussball manager 12\online\fmonline.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 12\online\fmonline.exe |
"UDP Query User{FEAD0ED5-B023-4930-A4EB-EEA445753E6A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Autobus ATM" per Train Simulator" = "Autobus ATM" per Train Simulator
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CFF3525-4420-48F7-981B-BF771DA53BA6}_is1" = rcPass_Pass-0002_v2_2
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.8.0521 EN
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A0C1B89-04F3-4AAE-92AC-133B8D2DBEF3}_is1" = UZ_WLABmee62-001 v2.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EC12739-C256-4681-8E06-2FE51D4499C1}_is1" = MRCE 189 2.0
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8226A577-657C-4961-8DDC-EAC8DF61B465}" = Microsoft Train Simulator gmax Gamepack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1DDF160-9EE1-492B-A8D7-028B5CE0DBC8}_is1" = SZD_RIC-001 v1.0
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D16ECDF4-DA6F-418F-947A-C1652B5CFD96}" = SweetIM for Messenger 2.7
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1)
"1ClickDownload" = 1ClickDownloader
"4Musics MP3 to WAV Converter 4.3_is1" = 4Musics MP3 to WAV Converter 4.3
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"AceIt_is1" = AceIt v1.3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AnswerWorks" = AnswerWorks Runtime
"BrothersInArms" = Brothers In Arms
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Convoi" = Convoi 1.50
"DB Br 474 v0.1" = DB Br 474 v0.1
"Dél Alföld pálya: Béta Verzió" = Dél Alföld pálya: Béta Verzió
"DemexV1" = DEMEX
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"Druckertüchtigte IC-Wagen für den MSTS" = Druckertüchtigte IC-Wagen für den MSTS 1.0
"Eisenbahn Verkehrspläne Auskunft 3" = Eisenbahn Verkehrspläne Auskunft 3
"FormatFactory" = FormatFactory 2.90
"Free Video to Nokia Phones Converter_is1" = Free Video to Nokia Phones Converter version 2.3.815
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Lepsény-Rajka horgásztó-Rajka-Pápa" = Lepsény-Rajka horgásztó-Rajka-Pápa
"LManager" = Launch Manager
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"mp3-2-wav" = mp3-2-wav converter 1.14
"MSTS Activity Mover_is1" = MSTS Activity Mover, 1.0
"Nokia Suite" = Nokia Suite
"Origin" = Origin
"ProTrain 12 Karlsruhe - Basel 1.0" = ProTrain 12 Karlsruhe - Basel 1.0
"ProTrain 12 Raildriver 1.0" = ProTrain 12 Raildriver 1.0
"ProTrain 36 1.0" = ProTrain 36 1.0
"ProTrain 7 - Frankfurt-Nürnberg 1.0" = ProTrain 7 - Frankfurt-Nürnberg 1.0
"ProTrain Thema 1 - Nachtzüge 1.0" = ProTrain Thema 1 - Nachtzüge 1.0
"ProTrain Thema 1 Raildriver 1.0" = ProTrain Thema 1 Raildriver 1.0
"r8brain" = r8brain 1.9
"Revo Uninstaller" = Revo Uninstaller 1.93
"RRT_RIC_Patch_is1" = Ïàò÷ äëÿ ïàññàæèðñêèõ âàãîíîâ ãàáàðèòà RIC ¹¹ 0001-0002
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"STP DB ICE VT 605 V1.0" = STP DB ICE VT 605 V1.0
"STP DB ICE3 406 V1.0" = STP DB ICE3 406 V1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TGATool2A_is1" = TGATool2A version 4.00.34
"The route Bratislava-Brno-Praha for MSTS_is1" = The route Bratislava-Brno-Praha for MSTS version from BP 77 /
"Train Simulator 1.0" = Microsoft Train Simulator
"Train Store (German Language Pack)" = Train Store (German Language Pack)
"Train Store V3.2" = Train Store V3.2
"TranslatorBar_1.2 Toolbar" = TranslatorBar 1.2 Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WLABm_Rest_PKP_0001" = WLABm_Rest_PKP_0001
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"Route_Riter v7.5" = Route_Riter v7.5
"Wupper Express 11 Actpack 1.0" = Wupper Express 11 Actpack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.09.2012 12:02:11 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager12.exe, Version 1.0.0.3, Zeitstempel
0x4ee1398a, fehlerhaftes Modul Telemetry.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4e5df9f0, Ausnahmecode 0xc0000005, Fehleroffset 0x64d72889, Prozess-ID 0x518,
Anwendungsstartzeit 01cd8c430912e717.
Error - 06.09.2012 12:15:27 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.09.2012 12:31:38 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.09.2012 12:36:23 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.09.2012 12:37:17 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung IObitUpdate.exe, Version 1.1.0.261, Zeitstempel
0x2a425e19, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel
0x4da47967, Ausnahmecode 0xc0000005, Fehleroffset 0x000bfea5, Prozess-ID 0xdd8,
Anwendungsstartzeit 01cd8c4dd4bd57c1.
Error - 06.09.2012 20:01:30 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.09.2012 21:25:34 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager12.exe, Version 1.0.0.3, Zeitstempel
0x4ee1398a, fehlerhaftes Modul Telemetry.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4e5df9f0, Ausnahmecode 0xc0000005, Fehleroffset 0x65d92889, Prozess-ID 0x12d4,
Anwendungsstartzeit 01cd8c8e1ef92cec.
Error - 07.09.2012 11:10:06 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.09.2012 11:30:28 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.09.2012 12:33:22 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Manager12.exe, Version 1.0.0.3, Zeitstempel
0x4ee1398a, fehlerhaftes Modul Telemetry.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4e5df9f0, Ausnahmecode 0xc0000005, Fehleroffset 0x6a412889, Prozess-ID 0x784,
Anwendungsstartzeit 01cd8d125aebd68b.
[ System Events ]
Error - 07.09.2012 11:10:06 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07.09.2012 11:14:14 | Computer Name = Melanie-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 07.09.2012 11:17:14 | Computer Name = Melanie-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 07.09.2012 11:17:19 | Computer Name = Melanie-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 07.09.2012 11:29:54 | Computer Name = Melanie-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 07.09.2012 11:30:03 | Computer Name = Melanie-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 07.09.2012 11:30:28 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07.09.2012 11:30:28 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07.09.2012 11:31:52 | Computer Name = Melanie-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 07.09.2012 11:44:43 | Computer Name = Melanie-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 002269732DB5 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
[ TuneUp Events ]
Error - 12.06.2010 15:01:08 | Computer Name = Melanie-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
< End of report >
|
|
07.09.2012, 18:14
| #4 |
| /// Malware-holic | Internetprobleme. Ein Schädling oder falsche Einstellungen? ich hatte dir damals zur instalation einiger programme geraten, sehe sie hier aber nicht? hattest du wenigstens regelmäßige backups gemacht? dann spiele mal eins zurück
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.09.2012, 18:21
| #5 |
| | Internetprobleme. Ein Schädling oder falsche Einstellungen? Dieses MBRCheck, Sandboxie und Malwarebytes habe ich. Nebst mein Antivirus. BachkUps.....davon weiß ich leider nichts. Vielleicht ist es untergegangen. Apropos.....ein Systemwiederherstellungspunkt kann ich auch nicht erstellen. Denn das ist immer meine erste Alternative, wenn ich mit den Lappi Probleme habe. |
|
07.09.2012, 18:36
| #6 | |
| /// Malware-holic | Internetprobleme. Ein Schädling oder falsche Einstellungen? ne, das ist keine alternative, ich hatte dir damals gesagt, richte dir nen backup ein, dass ist ne alternative, denn damit wird das system dann, im notfall sauber zurück gesetzt, die swh macht häufig probleme. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Internetprobleme. Ein Schädling oder falsche Einstellungen? |
|
07.09.2012, 19:38
| #7 |
| | Internetprobleme. Ein Schädling oder falsche Einstellungen? Endlich fertig. Combofix Logfile: Code:
ATTFilter ComboFix 12-09-07.03 - Melanie 07.09.2012 19:52:01.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3000.1906 [GMT 2:00]
ausgeführt von:: c:\users\Melanie\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-07 bis 2012-09-07 ))))))))))))))))))))))))))))))
.
.
2012-09-07 18:07 . 2012-09-07 18:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-07 18:07 . 2012-09-07 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-05 01:01 . 2012-09-05 01:01 -------- d-----w- c:\program files\Common Files\Skype
2012-09-05 01:01 . 2012-09-05 01:01 -------- d-----r- c:\program files\Skype
2012-09-01 09:00 . 2012-09-07 17:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-15 17:11 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 13:28 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 13:28 . 2012-06-28 11:37 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-15 13:28 . 2012-06-28 11:31 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-08-15 13:28 . 2012-06-28 11:36 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-08-15 13:28 . 2012-06-28 11:31 521728 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-08-15 13:28 . 2012-06-28 11:31 247808 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:42 . 2012-04-01 07:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:42 . 2012-01-20 16:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-01-19 13:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-21 07:42 . 2012-01-20 16:28 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-03-30 . 27D470DABC77BC60D0A3B0E4DEB6CB91 . 905600 . . [6.0.6002.18604] . . c:\windows\System32\drivers\tcpip.sys
.
[7] 2012-06-02 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256] . . c:\windows\System32\wuauclt.exe
.
[7] 2012-04-23 . 75C6A297E364014840B48ECCD7525E30 . 133120 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll
[7] 2012-04-23 . 75C6A297E364014840B48ECCD7525E30 . 133120 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18618_none_77e34ec697f67015\cryptsvc.dll
[7] 2012-04-23 . C979AEA8C4D8F875CD25507D08980006 . 135168 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22840_none_78447b63b1339621\cryptsvc.dll
[7] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\cryptsvc.dll
[7] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll
[7] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
.
[7] 2012-06-28 . 0D5E31ADA4C9D24A7891E92DD33D406C . 6010368 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23385_none_f66432f95150deae\mshtml.dll
[7] 2012-06-28 . D049E2BAB04AA57CBD7D6573C532FD9D . 6008320 . . [8.00.6001.18702] . . c:\windows\System32\mshtml.dll
[7] 2012-06-28 . D049E2BAB04AA57CBD7D6573C532FD9D . 6008320 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19298_none_f5d2c7203838a6da\mshtml.dll
[7] 2012-05-15 . FACC0814B3D95D317E44070859AB5978 . 6009344 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23359_none_f688a3e55134f037\mshtml.dll
[7] 2012-05-15 . 6224CD5ACCF78EBC082CF7A493D0A340 . 6007808 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19272_none_f5e2653c382dd6ee\mshtml.dll
[7] 2012-02-28 . 6758A38197024E71F71FFF507A1AD2F1 . 5980672 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23318_none_f6b2e34b5115671c\mshtml.dll
[7] 2012-02-28 . 5F25D5561F5BDA32EDE1193EC01529BF . 5978624 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19222_none_f61874d838054b39\mshtml.dll
[7] 2011-12-15 . 0FB4CBF8B6F2407B821266F80C4EAA88 . 5980160 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23286_none_f665315d514ffade\mshtml.dll
[7] 2011-12-15 . 62CA6A044EE909202D74C138012DD9AF . 5979136 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19190_none_f5cac2ea383fdefb\mshtml.dll
[7] 2011-11-03 . D4D63FCD03E8B58D5F1DDE6D64E0FF1B . 5978624 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23266_none_f67ad135513fc2fc\mshtml.dll
[7] 2011-11-03 . 73D666A49DEC07192D7D1C367A142333 . 5978112 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\mshtml.dll
[7] 2011-11-03 . 73D666A49DEC07192D7D1C367A142333 . 5978112 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19170_none_f5e062c2382fa719\mshtml.dll
[7] 2011-09-30 . 59CC0E3A960D0B8A4BBDB6FC65340EB9 . 5972992 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23250_none_f67f9f65513d0f01\mshtml.dll
[7] 2011-09-30 . 7E6C9B54B10123EA983ECDF7FBFFEA86 . 5971456 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19154_none_f5fa03c2381bd493\mshtml.dll
[7] 2011-07-23 . 8DF22BFA121C76BF1EE346AB9F12F360 . 5971456 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23216_none_f6b0e0d151173747\mshtml.dll
[7] 2011-07-23 . CAB330223469AC16EDB4863DF4C9976B . 5969920 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19120_none_f616725e38071b64\mshtml.dll
[7] 2011-05-28 . 7AF8A6DB4596E3BB3309BABA661EB523 . 5967360 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23181_none_f6602e0551547f04\mshtml.dll
[7] 2011-05-28 . 6D1E32A3C964BAF06B7973E7B18E3212 . 5964800 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19088_none_f5dd93403830909b\mshtml.dll
[7] 2011-02-22 . 6D30A34B029176D86EC04ECE6C0F62B1 . 5964800 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23143_none_f68d6e49513241ee\mshtml.dll
[7] 2011-02-22 . AA411AEF2476D251078F9C9F0478C142 . 5962240 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19048_none_f608d2f0381020d7\mshtml.dll
[7] 2010-12-18 . 0DA63A2B1D6D55E6005F4552D22E7BBE . 5962240 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23111_none_f6abdd79511bbb6d\mshtml.dll
[7] 2010-12-18 . 42B87D22378C1EF98F3B6F410C2670AA . 5961216 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19019_none_f62a42fe37f6e65b\mshtml.dll
[7] 2010-11-02 . 9FCC1F6457A84902EA7545B568B5AEDB . 5960704 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23091_none_f6555c33515c9dce\mshtml.dll
[7] 2010-11-02 . 9AC463498C480E9EB3C63DC21E4F29C8 . 5959168 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18999_none_f5d3eb7c383792a1\mshtml.dll
[7] 2010-09-08 . E993FB26BFAC2887BFE8DDAC4DC9180A . 5958656 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23067_none_f67bcdb3513ee205\mshtml.dll
[7] 2010-09-08 . 1704FC902E1B53EF87593D60FD312A55 . 5957120 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18975_none_f5e58a2c382af563\mshtml.dll
[7] 2010-06-26 . DF63821381A08F65174BA42745B1C79B . 5954560 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23040_none_f68a6b855134f8c2\mshtml.dll
[7] 2010-06-26 . D6168759945CD6BC2DB4BFCD4E94B399 . 5951488 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18943_none_f603f95c38146ee2\mshtml.dll
[7] 2010-05-04 . 62F23130C89F1EE5C0C9EEAB0685D1E5 . 5953024 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23019_none_f6b3dde3511488fe\mshtml.dll
[7] 2010-05-04 . B1E862448C38B0F70139BC28F67332DE . 5950976 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18928_none_f61e9aa637ffb5b3\mshtml.dll
[7] 2010-02-23 . 27DB55375D8F8045A27E016BB21B17C0 . 5946880 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22995_none_f65985395158cfe8\mshtml.dll
[7] 2010-02-23 . 8D5FB97AE3D30CCDD8C9D8AF447C7D09 . 5944832 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18904_none_f630395637f31875\mshtml.dll
[7] 2010-01-02 . BE6120F3D7A853039B5437AC9E1986C1 . 5945856 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22973_none_f66d247d514a6558\mshtml.dll
[7] 2010-01-02 . DF4D546A6E1C8D0F4FC10FCC9E422763 . 5942784 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18882_none_f5d7b77c3835c828\mshtml.dll
[7] 2009-11-21 . ED6055694115B1A247B2591AB465A21D . 5944320 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22956_none_f685c5335137797b\mshtml.dll
[7] 2009-11-21 . 062B81F34EADEEF652E759BF93691C50 . 5940736 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18865_none_f5f058323822dc4b\mshtml.dll
[7] 2009-07-22 . 8FD67A68AF3E2013DC668D3DD1519BB7 . 5938176 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22903_none_f6b8d3f15111a1c1\mshtml.dll
[7] 2009-07-21 . 2620C82EEEBED884FAA1E00C4671E83A . 5937152 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18813_none_f624673a37fc1de8\mshtml.dll
[7] 2009-05-12 . 5F3B323A3758C9B156B199F54A888882 . 5936128 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22874_none_f66e22e151498188\mshtml.dll
[7] 2009-05-09 . 89CCF8069B59780BDEF45E345E671347 . 5936128 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18783_none_f5d8b5e03834e458\mshtml.dll
[7] 2009-04-11 . A4D04D404AFC1D30EDA01EE50D27AA51 . 3596288 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18005_none_152e8ba81f4b4668\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
[7] 2009-03-03 . 0DCC9623D9A3E77212177F59738BE29A . 3580928 . . [7.00.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18226_none_1333784c22344556\mshtml.dll
[7] 2009-03-03 . A77A82830D2BBB001A53A5368934F7EB . 3581440 . . [7.00.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22389_none_137f366d3b7fd8cb\mshtml.dll
[7] 2009-03-03 . 94ED56734E8AB74357F8EA2C5C174EA9 . 3595264 . . [7.00.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16830_none_113c67fe251b384c\mshtml.dll
[7] 2009-03-03 . 67FFB5ED7723D03B50734614D31B57A5 . 3596800 . . [7.00.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21023_none_11d3adb53e2e3b6c\mshtml.dll
[7] 2009-01-16 . 8FA6CFFC665D1D9D99126CFA8D8DEAB7 . 3580928 . . [7.00.6001.22355] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22355_none_139ba5093b6b1f9c\mshtml.dll
[7] 2009-01-15 . E161281A8E8937ED94299A6B465D7BCE . 3580416 . . [7.00.6001.18203] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18203_none_134617462226c16f\mshtml.dll
[7] 2009-01-15 . AD9E78847641E519FE50A9C27E49AD27 . 3596288 . . [7.00.6000.20996] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20996_none_118b26fd3e6417c6\mshtml.dll
[7] 2009-01-15 . 676692EDC2E1DBD89EFCB617A1E75F7D . 3594752 . . [7.00.6000.16809] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16809_none_1165da5c24fac888\mshtml.dll
[7] 2008-12-12 . 8ECFDD5549AD28191D8594C80D4001E8 . 3578880 . . [7.00.6001.18183] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18183_none_12ef96002267a3d0\mshtml.dll
[7] 2008-12-12 . 20348C5C94D7D4A0D9AA12FBAA698514 . 3579392 . . [7.00.6001.22328] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22328_none_13bf15ab3b5017ce\mshtml.dll
[7] 2008-12-12 . 863FBEECA377800B2AFA4F8E972BEBC0 . 3593216 . . [7.00.6000.16788] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16788_none_110e58cc253c9192\mshtml.dll
[7] 2008-12-12 . 616EA8D014AF07FB1DC97B7432794AA6 . 3594752 . . [7.00.6000.20973] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20973_none_119dc5f73e5693df\mshtml.dll
[7] 2008-10-16 . B1AE727959358E4FE72D7FE6DC6736E8 . 3578880 . . [7.00.6001.18157] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18157_none_131406ec224bb559\mshtml.dll
[7] 2008-10-16 . 8B03B6121C4A55BF48B56BFAF962F879 . 3593216 . . [7.00.6000.16764] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16764_none_111ff77c252ff454\mshtml.dll
[7] 2008-10-16 . 6D4AAAAAEB494F78610AE792EC6B3E77 . 3579392 . . [7.00.6001.22288] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22288_none_137e343d3b80c24d\mshtml.dll
[7] 2008-10-16 . CF807C36C2E1984104D173B9DE1BCBCD . 3595264 . . [7.00.6000.20937] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20937_none_11cd06cf3e328977\mshtml.dll
[7] 2008-10-02 . 3E3D3E24BD1F862CD1A772C0DAD3F134 . 3578880 . . [7.00.6001.18148] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf\mshtml.dll
[7] 2008-10-02 . 713D3D802424C56F28A3AC21F843D9E4 . 3593216 . . [7.00.6000.16757] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468\mshtml.dll
[7] 2008-10-02 . 56942EB5D17DFA38CA0B2B234BB578A3 . 3579392 . . [7.00.6001.22278] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c\mshtml.dll
[7] 2008-10-02 . 34311116C0A994BD82D7732D0950999C . 3594752 . . [7.00.6000.20927] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86\mshtml.dll
[7] 2008-09-10 . 13A0AA60B35A6A13152A759536C10203 . 3591680 . . [7.00.6000.16681] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16681_none_110754e02542e30a\mshtml.dll
[7] 2008-09-10 . 38EC352C600EB037FE02749F8C170B6B . 3593728 . . [7.00.6000.20823] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20823_none_11d3d3ad3e2e0b03\mshtml.dll
[7] 2008-09-10 . 2C2A85BBAB617EDDD19119F66C05B1C3 . 3578368 . . [7.00.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18063_none_130533f222576ec7\mshtml.dll
[7] 2008-09-10 . 92A81ADE1E576A53176777260190F3A1 . 3578368 . . [7.00.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22167_none_1392d1e53b7173ed\mshtml.dll
[7] 2008-09-10 . 3AE6072A86AD8049DD133DB40F73F0C8 . 3591680 . . [7.00.6000.16643] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
[7] 2008-09-10 . ED2588D1864319C54E79443130A8004B . 3593728 . . [7.00.6000.20777] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
[7] 2008-09-10 . 9C4091CD321D6D8BCF9842F109EE574B . 3578368 . . [7.00.6001.18023] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
[7] 2008-09-10 . 977C356E655F357665310C0C95D0DBD4 . 3578368 . . [7.00.6001.22120] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
[7] 2008-06-27 . 2B59221D1B9D9FB1D202A21AFE8E410A . 3578368 . . [7.00.6001.18099] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18099_none_12eac5ea226a5aa4\mshtml.dll
[7] 2008-06-27 . B964D58A6698C8FCA93447ADBDE18820 . 3592192 . . [7.00.6000.16711] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16711_none_1153063a250a1c9a\mshtml.dll
[7] 2008-06-27 . 256E9D588ACB7F104123947297A9302A . 3578880 . . [7.00.6001.22212] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22212_none_13c3e1f53b4d66ac\mshtml.dll
[7] 2008-06-27 . 1D73575D8A0F368CD8FE3212E8928743 . 3594240 . . [7.00.6000.20868] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20868_none_11ad956f3e49f97a\mshtml.dll
[7] 2008-01-21 . 48E05FD07045BB2E5CFC43C970CAF1E7 . 3578368 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18000_none_1343129c22297b1c\mshtml.dll
.
[7] 2011-12-14 . 17AF64D727545F2804F6E6D998327E3F . 680448 . . [7.0.6002.18551] . . c:\windows\System32\msvcrt.dll
[7] 2011-12-14 . 17AF64D727545F2804F6E6D998327E3F . 680448 . . [7.0.6002.18551] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18551_none_d306a7e69c340115\msvcrt.dll
[7] 2011-12-14 . A807F65718C263442F0C3613F9BFD267 . 680448 . . [7.0.6002.22755] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.22755_none_d39447bfb54e0362\msvcrt.dll
[7] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\ERDNT\cache\msvcrt.dll
[7] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll
[7] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll
.
[7] 2012-06-28 . A9FF16A7FBE708D936AF46AFF1B2579B . 920064 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23385_none_e50a13dad0fa7578\wininet.dll
[7] 2012-06-28 . 03B4167CC1B30AC22DF413788AFADE97 . 916992 . . [8.00.6001.18702] . . c:\windows\System32\wininet.dll
[7] 2012-06-28 . 03B4167CC1B30AC22DF413788AFADE97 . 916992 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19298_none_e478a801b7e23da4\wininet.dll
[7] 2012-05-15 . 1FDE47149D9B08C0CEBEE731FDB39E0B . 920064 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23359_none_e52e84c6d0de8701\wininet.dll
[7] 2012-05-15 . DEAF5B0677A6B864B8F4F41C127695DB . 916992 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19272_none_e488461db7d76db8\wininet.dll
[7] 2012-02-28 . 9503972A61EA647A72C326EEB51265C1 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23318_none_e558c42cd0befde6\wininet.dll
[7] 2012-02-28 . AA8B3560AED18F5290F80C82C9B75ACC . 916992 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19222_none_e4be55b9b7aee203\wininet.dll
[7] 2011-12-15 . 2F56B044E8ED4FAA812A19A8DF2115EE . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23286_none_e50b123ed0f991a8\wininet.dll
[7] 2011-12-15 . DA7C58952F082AECABF775C83F913C6F . 916992 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19190_none_e470a3cbb7e975c5\wininet.dll
[7] 2011-11-03 . 406EEBC1B3FE188DE9D6B3AFB3834E84 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23266_none_e520b216d0e959c6\wininet.dll
[7] 2011-11-03 . 4E45F092670EEE0563AA9E1A7C8A1217 . 916992 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\wininet.dll
[7] 2011-11-03 . 4E45F092670EEE0563AA9E1A7C8A1217 . 916992 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19170_none_e48643a3b7d93de3\wininet.dll
[7] 2011-09-30 . DA000DE8EB63D54DCC206AA0699B9A52 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23250_none_e5258046d0e6a5cb\wininet.dll
[7] 2011-09-30 . 18F17E90657528C232B1944DEB4EC160 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19154_none_e49fe4a3b7c56b5d\wininet.dll
[7] 2011-07-23 . D2BA28C2B3CB7F2DBB5A5F92851B3F3F . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23216_none_e556c1b2d0c0ce11\wininet.dll
[7] 2011-07-23 . 8419DAE7205374F2CAA4C9CDBD0999E6 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19120_none_e4bc533fb7b0b22e\wininet.dll
[7] 2011-05-28 . E1E66EB05099B9DDCA178A9A00FCFF74 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23181_none_e5060ee6d0fe15ce\wininet.dll
[7] 2011-05-28 . DE4685DE5130039FA63DA66C0F72F787 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19088_none_e4837421b7da2765\wininet.dll
[7] 2011-02-22 . B3A938D522F085171387FEF112AEECF5 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23143_none_e5334f2ad0dbd8b8\wininet.dll
[7] 2011-02-22 . 047CDEFF94B63F0A4791372B47427B60 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19048_none_e4aeb3d1b7b9b7a1\wininet.dll
[7] 2010-12-18 . 7D6AACE6BF60B5A1D572E082DEC9F0F0 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23111_none_e551be5ad0c55237\wininet.dll
[7] 2010-12-18 . 74BCC23D622F32DA0450D164735ACAB1 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19019_none_e4d023dfb7a07d25\wininet.dll
[7] 2010-11-02 . D364DEB34DB229A4C1EFB1BC68F505C4 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23091_none_e4fb3d14d1063498\wininet.dll
[7] 2010-11-02 . 5681261BF2572F8776E1344DCB090C0B . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18999_none_e479cc5db7e1296b\wininet.dll
[7] 2010-09-08 . 6D4B5C39BB00A8BD98462664E73AC403 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23067_none_e521ae94d0e878cf\wininet.dll
[7] 2010-09-08 . 545264F1F3AC5BD57B159EBBDC4FDC58 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18975_none_e48b6b0db7d48c2d\wininet.dll
[7] 2010-06-26 . F60F99762FABCD7F4B53A4A0EBAE3505 . 919040 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23040_none_e5304c66d0de8f8c\wininet.dll
[7] 2010-06-26 . 78D42E00B5AB233F34116C0EF07F1BC9 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18943_none_e4a9da3db7be05ac\wininet.dll
[7] 2010-05-04 . 9DF755B063C647A1CAEB17F3E2FDDE1D . 919040 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23019_none_e559bec4d0be1fc8\wininet.dll
[7] 2010-05-04 . F317362AEB06140E7FB1B29331FDC038 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18928_none_e4c47b87b7a94c7d\wininet.dll
[7] 2010-02-23 . 24427C9C96556887A2F161800F00B2DE . 919040 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22995_none_e4ff661ad10266b2\wininet.dll
[7] 2010-02-23 . EC3B3E6071E3FCD4290BFD42676EE064 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18904_none_e4d61a37b79caf3f\wininet.dll
[7] 2010-01-02 . 1DC5E46312CBA5C1614B3D3359DB09C5 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22973_none_e513055ed0f3fc22\wininet.dll
[7] 2010-01-02 . 91B8712BDC74295DA14A08F519B70D65 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18882_none_e47d985db7df5ef2\wininet.dll
[7] 2009-11-21 . 0B603B1B76FF6CA2D88B658A9ECC40E8 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22956_none_e52ba614d0e11045\wininet.dll
[7] 2009-11-21 . DCB9E422810877D7C4115BACE54B084C . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18865_none_e4963913b7cc7315\wininet.dll
[7] 2009-07-22 . E48ADF567FE3EFCC2EB88A2BE5E020CB . 915456 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\wininet.dll
[7] 2009-07-21 . 6206A2BF9741B31C258ACC51972AFCAA . 915456 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\wininet.dll
[7] 2009-05-12 . 4BEDA2520729640D927E09A51AB916C4 . 915456 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\wininet.dll
[7] 2009-05-09 . D78B62CC91F043CED52F23F0085E7FE2 . 915456 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\wininet.dll
[7] 2009-04-11 . 8777B44511D8BCCF47B5A7CBDC02DE11 . 828416 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18005_none_03d46c899ef4dd32\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
[7] 2009-03-03 . 6E115E2D3FAE5077A361A5BCE78FF170 . 827392 . . [7.00.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\wininet.dll
[7] 2009-03-03 . 3ED9859939928CA568F487AB42175A33 . 827904 . . [7.00.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22389_none_0225174ebb296f95\wininet.dll
[7] 2009-03-03 . BA68744F8FE1BAAC35362F18774972A3 . 826368 . . [7.00.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16830_none_ffe248dfa4c4cf16\wininet.dll
[7] 2009-03-03 . 88B57405AC5B2BF513069086F8963635 . 828416 . . [7.00.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21023_none_00798e96bdd7d236\wininet.dll
[7] 2009-01-16 . 6A986C2CD30633447DAB21A4852E40D6 . 827904 . . [7.00.6001.22355] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\wininet.dll
[7] 2009-01-15 . FB79A2AA5E92653B9A394FE26D799BF8 . 827392 . . [7.00.6001.18203] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\wininet.dll
[7] 2009-01-15 . 65647F41CEC0C8EEC9DF5BC1168EC76C . 827904 . . [7.00.6000.20996] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\wininet.dll
[7] 2009-01-15 . FF35D495AC08549154D1D96990513CD9 . 826368 . . [7.00.6000.16809] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\wininet.dll
[7] 2008-10-16 . 8F89FFECF6989DD7D9ECCEC6D95D7419 . 827392 . . [7.00.6001.18157] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\wininet.dll
[7] 2008-10-16 . F18C1B151A0B18C35BF0919A9BA0FA0F . 826368 . . [7.00.6000.16764] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\wininet.dll
[7] 2008-10-16 . 4944C9FFE8903A276590D4215F74B937 . 827904 . . [7.00.6001.22288] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\wininet.dll
[7] 2008-10-16 . 622FE627D15DD920238A993021F0A4D1 . 827904 . . [7.00.6000.20937] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\wininet.dll
[7] 2008-10-02 . C373C19F10601C1AFE7E40907AE48694 . 827392 . . [7.00.6001.18148] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\wininet.dll
[7] 2008-10-02 . 8BF7D225505A4ADA25D9444E91811CEA . 826368 . . [7.00.6000.16757] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\wininet.dll
[7] 2008-10-02 . 6B2591CDCEFEB8451594288426677CBB . 827904 . . [7.00.6001.22278] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\wininet.dll
[7] 2008-10-02 . C85EF7DE97ABBF00B16AD11EDFEAC637 . 827904 . . [7.00.6000.20927] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\wininet.dll
[7] 2008-09-10 . 9191790BF02A8D759EC2B4E4FA868407 . 826368 . . [7.00.6000.16681] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\wininet.dll
[7] 2008-09-10 . F40594128A6BFDA6C3F0900796895078 . 827392 . . [7.00.6000.20823] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\wininet.dll
[7] 2008-09-10 . 44FD3968AD885026D94450832A78DE8A . 826880 . . [7.00.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\wininet.dll
[7] 2008-09-10 . A86218059C228E7691A13E4CB63C4CDF . 826880 . . [7.00.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\wininet.dll
[7] 2008-09-10 . DAEED2799D4D19F955C3E90B22A1E91E . 826368 . . [7.00.6000.16643] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
[7] 2008-09-10 . F7FF1E0D443788D6AE4CBCA593530099 . 827392 . . [7.00.6000.20777] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
[7] 2008-09-10 . 482BCCBF1FCBB3378100FF97081438C1 . 826880 . . [7.00.6001.18023] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
[7] 2008-09-10 . 4E962B645608E6EDB7D31B75921D07FA . 826880 . . [7.00.6001.22120] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
[7] 2008-06-27 . 618A51B5FB9DD5810960F6044C0E9289 . 827392 . . [7.00.6001.18099] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\wininet.dll
[7] 2008-06-27 . E74D932CA7B3DA8CDB7A5F11F5A03ABC . 826368 . . [7.00.6000.16711] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\wininet.dll
[7] 2008-06-27 . EDF59D63DDBC8BE0BB4836EFFFC04BDC . 827904 . . [7.00.6001.22212] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\wininet.dll
[7] 2008-06-27 . AE7150C0696C656D02FDD48259F4EFF5 . 827904 . . [7.00.6000.20868] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\wininet.dll
[7] 2008-01-21 . 455D715A840579BDC1CF8E5C1DA76849 . 825856 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
.
[7] 2012-04-03 . CAD95AFB7FDDCC490681555C570FBB7D . 3602816 . . [6.0.6002.18607] . . c:\windows\System32\ntkrnlpa.exe
.
[7] 2012-06-28 . CE4945834BFE91AF301FA829E3E8A7AA . 638048 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23385_none_128320664925e45b\iexplore.exe
[7] 2012-06-28 . 7BC18656CCDD305665D3D7FAA283744A . 638048 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19298_none_11f1b48d300dac87\iexplore.exe
[7] 2012-05-15 . 26B900640CE979A708FD3793FA8A6C50 . 638048 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23359_none_12a791524909f5e4\iexplore.exe
[7] 2012-05-15 . 9AC31470779A703021C337FD83D683EE . 638048 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19272_none_120152a93002dc9b\iexplore.exe
[7] 2012-02-28 . CF4EFFB58D9D91E8D219C8E93BC59471 . 638240 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23318_none_12d1d0b848ea6cc9\iexplore.exe
.
.
[7] 2012-04-03 . B9907DD4BE7B1B39573BF66554AB224E . 3552640 . . [6.0.6002.22831] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22831_none_6e8113d5ca7e5806\ntoskrnl.exe
.
[7] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] . . c:\windows\System32\WSHTCPIP.DLL
[7] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.0.6001.18000_none_cbb305c23187855a\WSHTCPIP.DLL
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{548f6736-8fe4-4680-82f2-170d6c07e1d2}"= "c:\program files\TranslatorBar_1.2\tbTran.dll" [2010-06-03 2736736]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\TranslatorBar_1.2\tbTran.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{548f6736-8fe4-4680-82f2-170d6c07e1d2}"= "c:\program files\TranslatorBar_1.2\tbTran.dll" [2010-06-03 2736736]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{548F6736-8FE4-4680-82F2-170D6C07E1D2}"= "c:\program files\TranslatorBar_1.2\tbTran.dll" [2010-06-03 2736736]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{548f6736-8fe4-4680-82f2-170d6c07e1d2}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 68856]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-08 6139904]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-9-10 1216512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Melanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.8087520392255758.exe.lnk]
path=c:\users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.8087520392255758.exe.lnk
backup=c:\windows\pss\0.8087520392255758.exe.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-04-26 20:23 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-04 14:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 5776;5776;c:\users\Melanie\AppData\Local\Temp\5776.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 14:42]
.
2012-09-07 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-10-04 14:10]
.
2012-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-03 17:21]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 16:16]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 16:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://home.sweetim.com
IE: Free YouTube Download - c:\users\Melanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Melanie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\uoiz31cn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extentions.y2layers.installId - b5126983-f67f-4732-b1d5-d7f9221b65e9
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
AddRemove-{587A2120-41D3-11DB-3D6C-00E19E4D4AE1} - c:\program files\Microsoft Games\Train Simulator\Uninst_MSTS Patch 1.8.0521 EN.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - c:\program files\SUPERAntiSpyware\Uninstall.exe
AddRemove-Wupper Express 11 Actpack 1.0 - c:\users\Melanie\Desktop\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-07 20:08
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-78928637-2002754984-348181283-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,53,24,3e,a1,fc,48,82,d0,94,d1,3a,f3,3e,c9,bf,05,bc,2f,e3,30,
45,8c,42,07,c7,68,47,a6,79,89,8c,4b,4f,de,a3,7a,dd,11,99,67,a3,fe,ad,a2,40,\
"rkeysecu"=hex:f2,48,57,24,39,38,75,42,be,54,5e,0a,19,64,10,96
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-09-07 20:28:48
ComboFix-quarantined-files.txt 2012-09-07 18:28
.
Vor Suchlauf: 21 Verzeichnis(se), 24.938.921.984 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 24.909.795.328 Bytes frei
.
- - End Of File - - B43ED4F56B71C359B96894FBB83A527E
|
|
07.09.2012, 20:27
| #8 |
| /// Malware-holic | Internetprobleme. Ein Schädling oder falsche Einstellungen? download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.09.2012, 08:30
| #9 |
| | Internetprobleme. Ein Schädling oder falsche Einstellungen? Hallo. Seit neuesten werde ich auch manchmal auf eine andere Seite umgeleitet. Könnte das einen Zusammenhang haben? Auch links unten blendet es bei Neustart des Lappis immer ein Werbungsfenster ein. Wie poste ich die Log? Ich habe das jetzt ausgeführt und überall "Skip" angeklickt. Auf Continue? |
|
08.09.2012, 10:23
| #10 |
| /// Malware-holic | Internetprobleme. Ein Schädling oder falsche Einstellungen? nein. gehe auf c: tdss-killer-datum-version.txt inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.09.2012, 10:51
| #11 | |
| | Internetprobleme. Ein Schädling oder falsche Einstellungen? Bitte sehr. Zitat:
|
|
08.09.2012, 10:53
| #12 |
| /// Malware-holic | Internetprobleme. Ein Schädling oder falsche Einstellungen? das komplette log
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.09.2012, 11:25
| #13 | |
| | Internetprobleme. Ein Schädling oder falsche Einstellungen? Ich habe den Inhalt der Datei komplett markiert, kopiert und hier eingefügt. Vielleicht jetzt? Zitat:
|
|
08.09.2012, 11:26
| #14 |
| /// Malware-holic | Internetprobleme. Ein Schädling oder falsche Einstellungen? hi die neueste version vom tdss killer hast du? also frisch geladen? dann scanne noch mal, wähle scip und dann schließe den scanner, poste das neue log.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.09.2012, 11:28
| #15 |
| | Internetprobleme. Ein Schädling oder falsche Einstellungen? Ach den Scanner schließen? Hatte ihn noch auf, weil ich dachte, das ich dann dort irgendwas machen soll. Ich scanne nochmal neu, wähle dann überall Skip, schließe den Scanner und poste das neue Log. |
|
| Themen zu Internetprobleme. Ein Schädling oder falsche Einstellungen? |
| anderen, angezeigt, browser, cache, ebenfalls, einstellungen, falsche, freundin, funktioniert, gen, klicke, meldung, modem, netzwerkadapter, router, schädling, screen, seite, seiten, start, suche, verbindung, verschiedene, website, zurücksetzen |
Linear-Darstellung
