Log analysis and evaluation: USB virus (on Vista in Parallels): shortcuts instead of normal folders
16.09.2012, 15:33 | #1 |
| Hey everyone! I'm a total newbie here, so please forgive any beginner's mistakes I make. As I've seen, I'm not the first one with this trojan. The only special thing in my case is that I only run my Windows via Parallels on a Mac with OS X 10.6.8. In Parallels the virus behaves exactly as everyone else has described. In OS X both the shortcuts and the real folders are shown... I think/hope that therefore only the Windows partition is affected by the virus, but I have no idea how to verify that. My external hard drive is definitely infected by the virus, though. Completely, in fact, i.e. both the NTFS and the Mac OS Extended (Journaled) partition. It should preferably come off both of them fairly quickly, because that is my backup drive... It would be really great if one of you experts could help me defeat the virus!! I have already created the following logs:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows Vista Service Pack 2 x86 PrlSF
Internet Explorer 9.0.8112.16421
Francesco :: FRANCESCOS-PC [Administrator]

Schutz: Aktiviert

08.09.2012 11:15:18
mbam-log-2012-09-08 (16-04-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 559375
Laufzeit: 3 Stunde(n), 9 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Schmidt-Pro (Trojan.Agent) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jiiad (Heuristics.Shuriken) -> Daten: C:\Users\Francesco\jiiad.exe /W -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Francesco\jiiad.exe (Heuristics.Shuriken) -> Keine Aktion durchgeführt.

(Ende)

.............

ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b0a4a3a920e764494807350087e87bd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-13 12:55:51
# local_time=2012-09-13 02:55:51 (+0100, Mitteleuropäische Sommerzeit )
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 65839079 65839079 0 0
# compatibility_mode=5892 16776573 100 100 25942 185011393 0 0
# compatibility_mode=8192 67108863 100 0 30291 30291 0 0
# compatibility_mode=9217 16777214 25 15 136009144 136017896 0 0
# scanned=556402
# found=4
# cleaned=0
# scan_time=19211
C:\Users\Francesco\xeixue.exe Win32/AutoRun.AFI worm (unable to clean) 00000000000000000000000000000000 I
G:\xeixue.exe Win32/AutoRun.AFI worm (unable to clean) 00000000000000000000000000000000 I
G:\xeixuex.exe Win32/AutoRun.AFI worm (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/AutoRun.AFI worm 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b0a4a3a920e764494807350087e87bd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-13 10:22:01
# local_time=2012-09-13 12:22:01 (+0100, Mitteleuropäische Sommerzeit )
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 65874762 65874762 0 0
# compatibility_mode=5892 16776573 100 100 61625 185047076 0 0
# compatibility_mode=8192 67108863 100 0 65974 65974 0 0
# compatibility_mode=9217 16777214 25 15 136044827 136053579 0 0
# scanned=593884
# found=3
# cleaned=0
# scan_time=17498
G:\autorun.inf Win32/AutoRun.VB.ADE worm (unable to clean) 00000000000000000000000000000000 I
G:\xeixue.exe Win32/AutoRun.AFI worm (unable to clean) 00000000000000000000000000000000 I
G:\xeixuex.exe Win32/AutoRun.AFI worm (unable to clean) 00000000000000000000000000000000 I

What should I do next? Many, many thanks in advance!!! |
17.09.2012, 13:33 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Code:
Datenbank Version: v2012.07.03.05

Please repeat the full scan with up-to-date signatures. |
20.09.2012, 17:06 | #3 |
| OK, thanks for the hint! I ran another one, but strangely it found nothing at all this time (see below). When I opened Malwarebytes, an error message appeared, which I have attached... that doesn't mean anything good, does it? Recently a small ad window with video ads has also been showing up on my Google start page... could that be related to the trojan?

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.07.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Francesco :: FRANCESCOS-PC [Administrator]

Schutz: Aktiviert

19.09.2012 15:27:16
mbam-log-2012-09-19 (15-27-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 599702
Laufzeit: 4 Stunde(n), 20 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

What should I do next? Thanks!! |
20.09.2012, 20:23 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - detecting toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
21.09.2012, 02:17 | #5 |
|
# AdwCleaner v2.002 - Datei am 09/21/2012 um 02:56:00 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# Benutzer : Francesco - FRANCESCOS-PC
# Bootmodus : Normal
# Ausgeführt unter : \\psf\Home\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v3.6.10 (de)

Profilname : default
Datei : C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\soeukzx3.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [934 octets] - [21/09/2012 02:54:33]
AdwCleaner[R2].txt - [864 octets] - [21/09/2012 02:56:00]

########## EOF - C:\AdwCleaner[R2].txt - [923 octets] ##########

...I then clicked "Löschen" (Delete), because the program suggested it. I hope that wasn't a mistake? |
21.09.2012, 14:58 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - removing toolbars and unwanted start/search pages
Please post everything here in CODE tags where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here |
22.09.2012, 06:16 | #7 |
| Code:
# AdwCleaner v2.002 - Datei am 09/21/2012 um 02:57:42 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# Benutzer : Francesco - FRANCESCOS-PC
# Bootmodus : Normal
# Ausgeführt unter : \\psf\Home\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v3.6.10 (de)

Profilname : default
Datei : C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\soeukzx3.default\prefs.js

C:\Users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\soeukzx3.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [934 octets] - [21/09/2012 02:54:33]
AdwCleaner[R2].txt - [991 octets] - [21/09/2012 02:56:00]
AdwCleaner[S1].txt - [1471 octets] - [21/09/2012 02:57:42]

########## EOF - C:\AdwCleaner[S1].txt - [1531 octets] ########## |
22.09.2012, 17:06 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have two questions before we continue (we're not done yet!) 1.) Does the normal mode of Windows work without restrictions (again)? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there? |
23.09.2012, 15:33 | #9 |
| I can answer both with yes. The only question is whether that is a good thing now. How do we continue? |
23.09.2012, 18:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Why yes to both? Are you missing something in the Start menu then, is everything gone there? |
24.09.2012, 12:23 | #11 |
| Oh sorry, I hadn't read the question carefully: 1) Yep, I haven't had any problems there so far. 2) I'm not missing anything in the Start menu, but there are some empty folders there from programs that I uninstalled a long time ago. But these folders are in addition to the normal ones, and honestly I'm not sure whether they weren't already there before the trojan... I only use the Start menu very rarely... |
24.09.2012, 18:43 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please create a new OTL log. Please post everything here in CODE tags where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT |
26.09.2012, 07:39 | #13 |
| OTL Logfile:
prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 41 FF - prefs.js..extensions.enabledItems: csfire@cs.kuleuven.be:1.0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.07 17:52:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.20 12:50:11 | 000,000,000 | ---D | M] [2008.09.17 22:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Francesco\AppData\Roaming\mozilla\Extensions [2012.07.18 22:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Francesco\AppData\Roaming\mozilla\Firefox\Profiles\soeukzx3.default\extensions [2010.06.18 20:50:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Francesco\AppData\Roaming\mozilla\Firefox\Profiles\soeukzx3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.08.26 17:41:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Francesco\AppData\Roaming\mozilla\Firefox\Profiles\soeukzx3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2012.05.07 23:29:28 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Francesco\AppData\Roaming\mozilla\Firefox\Profiles\soeukzx3.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2012.05.07 23:29:34 | 000,000,000 | ---D | M] (CsFire) -- 
C:\Users\Francesco\AppData\Roaming\mozilla\Firefox\Profiles\soeukzx3.default\extensions\csfire@cs.kuleuven.be [2010.03.12 17:55:02 | 000,002,477 | ---- | M] () -- C:\Users\Francesco\AppData\Roaming\mozilla\firefox\profiles\soeukzx3.default\searchplugins\diigo--google.xml [2009.03.16 17:43:25 | 000,005,424 | ---- | M] () -- C:\Users\Francesco\AppData\Roaming\mozilla\firefox\profiles\soeukzx3.default\searchplugins\rhymegen.xml [2011.06.10 15:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.06.02 23:44:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.07 17:56:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.02 12:26:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.27 18:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.10 15:00:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.02 12:12:06 | 000,000,779 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O1 - Hosts: 0.0.0.0 .psf O1 - Hosts: 0.0.0.0 psf O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-1743292834-4225409643-1500153955-1002\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found. O3 - HKU\S-1-5-21-1743292834-4225409643-1500153955-1002\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [lxdoamon] C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ()
O4 - HKLM..\Run: [lxdomon.exe] C:\Program Files\Lexmark 9500 Series\lxdomon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Parallels Shared Internet Applications] C:\Program Files\Parallels\Parallels Tools\SIA\SharedIntApp.exe (Parallels Holdings, Ltd. and its affiliates.)
O4 - HKLM..\Run: [Parallels Tools Center] C:\Program Files\Parallels\Parallels Tools\prl_cc.exe (Parallels Holdings, Ltd. and its affiliates.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1743292834-4225409643-1500153955-1002..\Run: [vupur] C:\Users\Francesco\vupur.exe /w File not found
O4 - Startup: C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O7 - HKU\S-1-5-21-1743292834-4225409643-1500153955-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: .psf ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: psf ([]* in Local intranet)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.18 116.228.111.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FF7C41C-6405-4A23-A055-6294675E070E}: DhcpNameServer = 180.168.255.18 116.228.111.118
O20 - AppInit_DLLs: (eNetHook.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Francesco\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
O24 - Desktop BackupWallPaper: C:\Users\Francesco\AppData\Roaming\Microsoft\Windows DreamScene\DreamScene.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0eb8df0e-1cbd-11e1-910c-001c42a6e7ef}\Shell - "" = AutoRun
O33 - MountPoints2\{0eb8df0e-1cbd-11e1-910c-001c42a6e7ef}\Shell\AutoRun\command - "" = H:\INTEL\startspk.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase6_17_erinnerung.lnk - C:\Program Files\phase6\phase6_17\WinStart\WinStart.exe - (phase6)
MsConfig - StartUpFolder: C:^Users^Francesco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Acer Empowering Technology.lnk - - File not found
MsConfig - StartUpReg: Acer Tour Reminder - hkey= - key= - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - File not found
MsConfig - StartUpReg: eAudio - hkey= - key= - File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group 
SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5 ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {57CC6CD9-90FC-5A40-C7B5-3E4C9440A2AB} - 
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {AAE2A559-2180-1D71-1261-EC120317E912} - Microsoft Windows Media Player 11.0 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: midi1 - C:\Windows\System32\rddv1021.dll (Roland Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - 
C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.25 04:28:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- \\psf\Home\Desktop\OTL.exe [2012.09.17 16:11:51 | 000,000,000 | ---D | C] -- \\psf\Home\Documents\MBA Shanghai [2012.09.12 13:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.09.08 10:59:51 | 000,000,000 | ---D | C] -- C:\Users\Francesco\AppData\Roaming\Malwarebytes [2012.09.08 10:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.08 10:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.08 10:59:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.08 10:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.06 17:08:51 | 000,000,000 | ---D | C] -- C:\Leo_Movies [2 \\psf\Home\Documents\*.tmp files -> \\psf\Home\Documents\*.tmp -> ] [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.26 07:01:19 | 000,024,580 | -H-- | M] () -- \\psf\Home\Desktop\.DS_Store [2012.09.26 06:57:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.26 04:55:35 | 000,005,936 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.26 04:55:35 | 000,005,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.25 15:59:27 | 000,046,922 | ---- | M] () -- \\psf\Home\Desktop\Bildschirmfoto 2012-09-25 um 15.59.19.png [2012.09.25 15:57:08 | 000,024,580 | -H-- | M] () -- \\psf\Home\Documents\.DS_Store [2012.09.25 09:56:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.25 04:28:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- \\psf\Home\Desktop\OTL.exe [2012.09.24 11:05:36 | 000,001,111 | ---- | M] () -- C:\Users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.09.24 05:18:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.24 05:02:12 | 000,223,395 | ---- | M] () -- \\psf\Home\Desktop\Bildschirmfoto 2012-09-24 um 05.02.07.png [2012.09.24 03:27:26 | 000,120,832 | ---- | M] () -- C:\Users\Francesco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.23 17:17:46 | 012,311,423 | ---- | M] () -- \\psf\Home\Documents\Niko Geburtstagsvideo.m4v [2012.09.23 15:58:38 | 000,086,232 | ---- | M] () -- \\psf\Home\Desktop\clip0010.avi [2012.09.22 10:27:57 | 000,058,880 | ---- | M] () -- \\psf\Home\Documents\Visitenkarten China Englisch.pub [2012.09.22 07:23:09 | 000,295,406 | ---- | M] () -- \\psf\Home\Desktop\Bildschirmfoto 2012-09-22 um 07.23.06.png [2012.09.21 10:04:38 | 000,484,189 | ---- | M] () -- \\psf\Home\Desktop\Bildschirmfoto 2012-09-21 um 10.04.34.png [2012.09.21 02:53:17 | 000,512,737 | ---- | M] () -- \\psf\Home\Desktop\adwcleaner.exe [2012.09.20 08:59:01 | 000,019,834 | ---- | M] () -- \\psf\Home\Desktop\Bildschirmfoto 2012-09-20 um 08.58.57.png [2012.09.13 03:07:54 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI [2012.09.12 18:33:35 | 000,642,258 | ---- | 
M] () -- C:\Windows\System32\perfh007.dat [2012.09.12 18:33:35 | 000,607,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.12 18:33:35 | 000,131,678 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.12 18:33:35 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.08 10:59:33 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.07 09:57:01 | 163,789,432 | ---- | M] () -- C:\Windows\MEMORY.DMP [2 \\psf\Home\Documents\*.tmp files -> \\psf\Home\Documents\*.tmp -> ] [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.25 15:59:27 | 000,046,922 | ---- | C] () -- \\psf\Home\Desktop\Bildschirmfoto 2012-09-25 um 15.59.19.png [2012.09.24 05:02:12 | 000,223,395 | ---- | C] () -- \\psf\Home\Desktop\Bildschirmfoto 2012-09-24 um 05.02.07.png [2012.09.23 17:17:45 | 012,311,423 | ---- | C] () -- \\psf\Home\Documents\Niko Geburtstagsvideo.m4v [2012.09.23 15:58:09 | 000,086,232 | ---- | C] () -- \\psf\Home\Desktop\clip0010.avi [2012.09.22 10:27:58 | 000,058,880 | ---- | C] () -- \\psf\Home\Documents\Visitenkarten China Englisch.pub [2012.09.22 07:23:09 | 000,295,406 | ---- | C] () -- \\psf\Home\Desktop\Bildschirmfoto 2012-09-22 um 07.23.06.png [2012.09.21 10:04:37 | 000,484,189 | ---- | C] () -- \\psf\Home\Desktop\Bildschirmfoto 2012-09-21 um 10.04.34.png [2012.09.21 02:53:08 | 000,512,737 | ---- | C] () -- \\psf\Home\Desktop\adwcleaner.exe [2012.09.20 08:59:00 | 000,019,834 | ---- | C] () -- \\psf\Home\Desktop\Bildschirmfoto 2012-09-20 um 08.58.57.png [2012.09.13 03:07:54 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2012.09.08 10:59:33 | 000,000,872 | ---- | C] () -- 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.07 09:57:01 | 163,789,432 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.06.29 13:03:18 | 000,001,514 | ---- | C] () -- C:\Users\Francesco\gsview32.ini [2011.10.23 14:04:34 | 000,015,176 | ---- | C] () -- C:\Windows\System32\drivers\prl_memdev.sys [2010.10.25 11:22:41 | 000,000,600 | ---- | C] () -- C:\Users\Francesco\AppData\Roaming\winscp.rnd [2009.10.09 15:22:27 | 000,005,225 | ---- | C] () -- C:\ProgramData\lxdo [2009.09.19 16:16:46 | 000,038,451 | ---- | C] () -- C:\Users\Francesco\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2009.09.19 16:15:09 | 000,038,457 | ---- | C] () -- C:\Users\Francesco\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR [2009.01.30 18:49:58 | 000,000,616 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.01.06 17:32:32 | 000,038,431 | ---- | C] () -- C:\Users\Francesco\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2008.11.28 21:42:41 | 000,001,793 | ---- | C] () -- C:\Users\Francesco\AppData\Roaming\SAS7_000.DAT [2008.04.28 21:17:42 | 000,028,915 | ---- | C] () -- C:\Users\Francesco\AppData\Roaming\UserTile.png [2008.04.13 13:36:22 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.04.12 10:18:28 | 000,001,489 | ---- | C] () -- C:\Users\Francesco\AppData\Local\SearchResults.wpl [2008.03.15 20:07:07 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.03.09 15:11:20 | 000,001,024 | ---- | C] () -- C:\Users\Francesco\.rnd [2008.02.29 18:00:17 | 000,000,552 | ---- | C] () -- C:\Users\Francesco\AppData\Local\d3d8caps.dat [2008.02.08 00:18:11 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.21 23:18:23 | 000,120,832 | ---- | C] () -- C:\Users\Francesco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.21 15:00:11 | 000,001,356 | ---- | C] () -- C:\Users\Francesco\AppData\Local\d3d9caps.dat [2007.12.25 01:47:04 | 000,000,097 | ---- | C] () -- C:\Users\Francesco\AppData\Local\fusioncache.dat [2007.12.24 
< End of report > |
26.09.2012, 07:40 | #14 |
| USB virus (on Vista Parallels): shortcuts instead of normal folders And this log was also produced: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.09.2012 07:03:54 - Run 1 OTL by OldTimer - Version 3.2.68.0 Folder = \\psf\Home\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,84 Mb Total Physical Memory | 450,25 Mb Available Physical Memory | 44,02% Memory free 2,26 Gb Paging File | 1,51 Gb Available in Paging File | 66,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 8,10 Gb Free Space | 11,61% Space Free | Partition Type: NTFS Drive D: | 15,47 Gb Total Space | 11,25 Gb Free Space | 72,71% Space Free | Partition Type: NTFS Computer Name: FRANCESCOS-PC | User Name: Francesco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1743292834-4225409643-1500153955-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12A4881C-0457-46CC-9FA8-88ED49A16C47}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{263E81A1-C32E-454B-8F74-AEF3712FE336}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{29692651-B82E-40A5-8ACC-557F740982F7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2A3D8B2D-4EF5-4BEC-9CF3-6FFE2BC0A1C3}" = lport=2869 | protocol=6 | dir=in | app=system | "{60ACCA44-CC2C-4727-A33B-AFD8D5A4D1F7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6843FCAA-2976-4A9E-821A-CA32BA63BE0F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{70F99AE8-5442-487C-9A7A-48DB56349FC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7A20EBEF-9793-4CE6-A4CC-1089AAD7B6B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{84EF9B18-69B0-4B8D-A955-894ED66487E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8810070D-8538-47F1-BDE3-BDF66D5F3116}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{89ADCCFD-7388-4039-9CF7-6ABBFAFCB415}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{980AB920-CE51-4B6E-B157-E8133F4F227A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A2D2C65C-9AD3-4322-9499-E29EBD4ED0E0}" = rport=10243 | protocol=6 | dir=out | app=system | "{A8C900C5-612F-418A-AE6A-2F7196CDACD0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B8900BFF-A2DF-4D18-82DE-3A7CF07C66F3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CD060FAC-EBAF-4044-97B1-F422E88C62BD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D2BCE533-D554-49B8-BDE1-07D5899DC7B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E9B1D216-3E90-4B59-9440-86BD4499A14E}" = lport=10243 | protocol=6 | dir=in | app=system | "{FD8F4FCA-F94B-4402-8752-5D7797C38206}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A6BE6A3-ADFB-4980-8C82-659C31C9FB7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0AD1AD00-5AB1-4071-8A9B-1940B6122497}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0BB1E9CA-DEFD-4059-9811-5530A203D22A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0F2675EE-E12B-4DFF-98AD-921E0E467712}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdopswx.exe | "{0F6919CD-AF3E-4D38-8366-63506F2A2F10}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdotime.exe | "{13A261F3-7051-4FBC-85AD-A43E989AD40C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{17B7095B-64E8-45BA-A4DC-D9D055319B13}" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\lxdomon.exe | 
"{1895F96F-E9F6-4977-BAE3-9FF5A10F4FB8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{1B2DCA0B-EE00-4720-BD40-1DAB86AF8C7D}" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\wireless\lxdowpss.exe | "{22B5D3A9-B42D-41F3-A31A-1C21F1505F38}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdopswx.exe | "{23E291F5-2239-45D1-9E3D-40F9E23D31CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2794586E-B781-4AC8-A18F-BDF0AD5BE976}" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\lxdofax.exe | "{2A559485-5593-43B1-940C-26BCBA60187F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{2C3C8183-BE7D-419E-8242-DC0D25DAC466}" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\wireless\lxdowpss.exe | "{2E59826B-5EB4-47E8-961C-93DD09A15CFA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{3C8E83A3-832A-49DF-8EF8-961E190579C9}" = protocol=17 | dir=in | app=c:\program files\parallels\parallels transporter agent\parallelstransporteragent.exe | "{3DCBDF6C-F108-4A16-A53E-3E436951FB53}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocoms.exe | "{3EED477B-D46E-4484-8F70-0D167B364F84}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{405E33B1-D269-47A2-B5DD-C28DD6EBD08B}" = protocol=6 | dir=in | app=c:\program files\parallels\parallels transporter agent\parallelstransporteragent.exe | "{4CA9F22F-5F2A-40A3-9952-58B759022FA8}" = protocol=17 | dir=in | app=c:\program files\parallels\parallels transporter agent\parallelstransporteragent.exe | "{4E32350C-30A4-40C1-ACFA-0DC196F609EA}" = protocol=6 | dir=in | app=c:\program files\parallels\parallels transporter agent\parallelstransporteragent.exe | "{4E9BE38A-EE66-453B-BF22-607AA99E94EE}" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\lxdoamon.exe | "{50D8DCAC-C998-451A-A397-5DDD6CB5BAE0}" = protocol=6 | dir=in | app=c:\program 
files\microsoft office\office12\groove.exe | "{54153CC9-67DF-43F4-B8FC-B6263AC0A616}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54513617-8DC4-48D5-AD3F-889D652580EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{59B66BF8-8F27-4AF3-9007-407149DC5F05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5A1E3C84-8D44-4B59-A22A-BCE9C3B10209}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5DFEFC07-ED86-4D97-B856-95ED27A24DBB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{76558601-0969-40E9-B32C-5848FD42A24D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{80A3F266-F711-48AC-8786-4E5118E38680}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdojswx.exe | "{81178336-F694-404C-BC0B-FE0FB8E1FAE5}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocfg.exe | "{815C4576-8F61-4195-9DF7-EC9A3BACC2CD}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocfg.exe | "{912A1574-1467-4EAD-961C-44B606CCA63F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{91E38753-FA0B-4AD4-B692-362DEB1EECDA}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdowbgw.exe | "{A129F1E0-73CF-4949-8AE5-08F9BB433E19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ABDF0568-4356-4045-BAB5-5BC85CB2BE81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AEA9E6C7-C26B-49A8-B833-6C46B587B3DD}" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\lxdoamon.exe | "{B93C2667-2C14-406B-BD3B-62C0C3BCBBBB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{BE8C4A3C-854C-4F4D-9FCD-1A33A4D3D881}" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\lxdomon.exe | "{C8479C6A-2EDE-4785-9ECD-3B27F1913D25}" = 
protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdowbgw.exe | "{C9B31CD8-12AA-4B90-AF63-9137D92F9AE7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdojswx.exe | "{CA792BEA-376F-4704-8C1C-59BAF2CF6633}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D79A67C7-8DCF-46F5-A677-BF7DD1EDB986}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdotime.exe | "{DD0F0BD8-5431-4113-A342-A8DF1D0C7345}" = protocol=6 | dir=out | app=system | "{E03FD88A-3E59-471B-8940-F2595CEE1F7F}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{E6B2333E-8847-4C0E-8690-9CEE53E3F084}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{EDD0527E-4414-4812-B7FE-60CB20C6E693}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F681F830-538E-4B7A-BBAD-5BA267993D84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F737E58B-EC94-4B7B-8A23-F3228895FDC8}" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\frun.exe | "{F78783E8-EF48-4C46-A154-A96C9F0F642C}" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\frun.exe | "{FC45FB3A-B35E-4F94-A892-BBCED9175038}" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\lxdofax.exe | "{FEFEAD2C-4BF6-4D37-8C32-C922080BAA44}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocoms.exe | "TCP Query User{02B4F54F-56CC-468B-86B5-FBC7026735B9}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | "TCP Query User{1163660A-78E7-406C-BFA2-E3D79775FEDB}C:\windows\system32\spool\drivers\w32x86\3\lxdopswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdopswx.exe | "TCP Query User{29F8CBD3-BCAB-4AF8-A7FC-5A2BB784AC58}C:\program 
files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe | "TCP Query User{2E2E39AB-7664-4877-8C43-C468164CD767}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{3453074D-6288-40CC-A0E6-918FF93F99D7}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | "TCP Query User{54776137-C9D4-420F-83AC-003ED7EC60D0}D:\vsk5\vsk5.exe" = protocol=6 | dir=in | app=d:\vsk5\vsk5.exe | "TCP Query User{64B5ED3F-FBEE-482E-8213-32BD413CCF16}C:\program files\lexmark 9500 series\frun.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\frun.exe | "TCP Query User{74187A19-E769-433D-8E22-3C00B2149113}C:\program files\miranda fusion 1.4.2+\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda fusion 1.4.2+\miranda32.exe | "TCP Query User{843DB101-D9DA-4188-AC96-59DA29F871E7}D:\vsk5 bei data\vsk5.exe" = protocol=6 | dir=in | app=d:\vsk5 bei data\vsk5.exe | "TCP Query User{95819E68-AD66-4851-A7E5-7B73552B7A6D}C:\program files\miranda fusion 1.4.2+\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda fusion 1.4.2+\miranda32.exe | "TCP Query User{971474CB-5405-4F1B-AA67-0BDDE819A4BF}C:\program files\lexmark 9500 series\lxdomon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\lxdomon.exe | "TCP Query User{B2A7CF31-35B8-49BF-B4BA-9AE023FDFD4F}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe | "TCP Query User{C712E982-33AC-490A-8694-6DD694903A8E}C:\ruby_on_rails\bin\ruby.exe" = protocol=6 | dir=in | app=c:\ruby_on_rails\bin\ruby.exe | "TCP Query User{C9A69CEC-DB72-4B58-B85D-AF242CA87AF6}C:\program files\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=6 | dir=in | app=c:\program 
files\sony ericsson\mobile4\sync manager\dxp syncml.exe | "TCP Query User{E3D1B2D4-AC3A-48D6-B5BA-45EDA5AC6616}C:\users\francesco\appdata\local\temp\rar$ex00.568\miranda32.exe" = protocol=6 | dir=in | app=c:\users\francesco\appdata\local\temp\rar$ex00.568\miranda32.exe | "TCP Query User{FEB0A668-E68E-4C06-80FE-60ADDAC7FCAF}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{00F951C0-CF7A-4795-B504-67B510CED32D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{093334AE-6DB1-4E69-983B-ADBAE9450D54}D:\vsk5\vsk5.exe" = protocol=17 | dir=in | app=d:\vsk5\vsk5.exe | "UDP Query User{292E75DB-1CC9-49D0-A3B2-DE33A372630E}C:\program files\lexmark 9500 series\frun.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\frun.exe | "UDP Query User{41C95001-C05A-4746-874F-BAEC1552544F}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | "UDP Query User{640CCE79-6EB2-4A26-9711-5396F8B14043}C:\program files\miranda fusion 1.4.2+\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda fusion 1.4.2+\miranda32.exe | "UDP Query User{8643E1A7-71AC-4CD5-AB9B-841E98DEAD2E}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe | "UDP Query User{8A7F3D81-C6D3-4C94-82A9-D48A3739A883}C:\users\francesco\appdata\local\temp\rar$ex00.568\miranda32.exe" = protocol=17 | dir=in | app=c:\users\francesco\appdata\local\temp\rar$ex00.568\miranda32.exe | "UDP Query User{98308BCA-C33C-4ABE-9D8D-D7180D32D921}C:\program files\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\mobile4\sync manager\dxp syncml.exe | "UDP Query User{9DCB448C-B6CC-4646-AD3E-EE2DFA7E669B}C:\program files\miranda fusion 
1.4.2+\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda fusion 1.4.2+\miranda32.exe | "UDP Query User{B287E0B9-DD0C-423A-9263-064C1738335F}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe | "UDP Query User{B3518041-2B13-4AD9-90AB-8E0784F9F03C}C:\program files\lexmark 9500 series\lxdomon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\lxdomon.exe | "UDP Query User{C933728E-2927-48E1-A8CC-0014261D4AA0}D:\vsk5 bei data\vsk5.exe" = protocol=17 | dir=in | app=d:\vsk5 bei data\vsk5.exe | "UDP Query User{DD146821-527F-48C0-84FC-F3E628C1CB4E}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe | "UDP Query User{E3D4C9F9-596A-456A-A332-710D0595A8BF}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{F7C54C82-3082-465A-A690-612BECEDEEF5}C:\ruby_on_rails\bin\ruby.exe" = protocol=17 | dir=in | app=c:\ruby_on_rails\bin\ruby.exe | "UDP Query User{F86E18EB-2782-4D07-B6EC-78BAF863AFC8}C:\windows\system32\spool\drivers\w32x86\3\lxdopswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdopswx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00428418-D4AE-4A2B-B866-825F0BF7EC67}" = LG PC Suite II "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC 
Suite II "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{248057F8-58C8-4E44-9182-9AF85DF787FC}" = Adobe Setup "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26 "{310DFC2C-C918-4384-BFFF-245A8971D099}" = Parallels Tools "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{362A43F1-D2C1-4C89-98B7-B9BD894D160D}" = Parallels runtime modules "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking "{4D180A2C-9364-4384-8889-9DD425EC1497}" = PHP 5.3.3 "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.081 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5BDD15BE-EFF5-436E-B0C1-1E63665854B9}" = BMWi-Softwarepaket 9.3 "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2 "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2 "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = PRODUCT_NAME "{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_WebDesigner_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0410-0000-0000000FF1CE}_WebDesigner_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_WebDesigner_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.ONENOTER_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.ONENOTER_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.ONENOTER_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.ONENOTER_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.ONENOTER_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.ONENOTER_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.ONENOTER_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007 "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91140000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2010 "{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.60.10 "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE7FC1FF-8528-47F6-A67C-7017C14DBF3D}" = Control Media "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E901C3E0-E37C-4645-9906-718C3A5FE59F}" = SnapAPI "{EFFE151C-F863-4B1E-9E22-3C1369B4C690}" = phase6_17 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.1975 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_c5cbed37a01f242ac41d8f4528b7a0d" = Adobe Creative Suite 3 Design Standard hinzufügen oder 
entfernen "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode) "Blender" = Blender (remove only) "Bridge Construction Set Demo_is1" = Bridge Construction Set Demo 1.36 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "DAEMON Tools Lite" = DAEMON Tools Lite "Dassault Systemes B19_0" = Dassault Systemes Software B19 "Derive 6" = Derive 6 "ee4p_is1" = Efficient Elements for presentations 1.2.0.89 "ElsterFormular 13.1.1.8531p" = ElsterFormular "ESET Online Scanner" = ESET Online Scanner v3 "FormatFactory" = FormatFactory 2.00 "Free DVD Ripper 2.25_is1" = Free DVD Ripper Version 2.25 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "FreeWAVToMP3Converter" = Free WAV To MP3 Converter 1.0 "GridVista" = Acer GridVista "GSview 5.0" = GSview 5.0 "HTScript" = HTScript "HyperCam 2" = HyperCam 2 "jZip" = jZip "Lexmark 9500 Series" = Lexmark 9500 Series "LHTTSGED" = L&H TTS3000 Deutsch "Live 7.0.16" = Live 7.0.16 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Miranda IM" = Miranda IM 0.7.8 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Muon Tau / mDrive" = "NeroMultiInstaller!UninstallKey" = Nero Suite "NVIDIA Drivers" = NVIDIA Drivers "Office14.ONENOTER" = Microsoft OneNote 2010 "PRJPRO" = Microsoft Office Project Professional 2007 "Shockwave" = Shockwave "StoppUhr" = StoppUhr "ULTIMATER" = Microsoft 
Office Ultimate 2007 "UltSounds" = Windows-Soundschemas "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 0.9.8a "WAV to MP3" = WAV to MP3 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.2.9 "XMoto" = X-Moto ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1743292834-4225409643-1500153955-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QUICKMEDIACONVERTER" = Converter ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.09.2012 08:40:22 | Computer Name = Francescos-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 82968 Error - 23.09.2012 09:57:37 | Computer Name = Francescos-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wmpnetwk.exe, Version 11.0.6001.7000, Zeitstempel 0x47919370, fehlerhaftes Modul Indiv01.key, Version 11.0.6000.7000, Zeitstempel 0x474f7f87, Ausnahmecode 0xc0000005, Fehleroffset 0x000adacc, Prozess-ID 0xdc0, Anwendungsstartzeit 01cd99935b65c190. Error - 23.09.2012 09:58:25 | Computer Name = Francescos-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wmpnetwk.exe, Version 11.0.6001.7000, Zeitstempel 0x47919370, fehlerhaftes Modul Indiv01.key, Version 11.0.6000.7000, Zeitstempel 0x474f7f87, Ausnahmecode 0xc0000005, Fehleroffset 0x000b0778, Prozess-ID 0x510, Anwendungsstartzeit 01cd99937dbd250d. Error - 23.09.2012 09:59:48 | Computer Name = Francescos-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wmpnetwk.exe, Version 11.0.6001.7000, Zeitstempel 0x47919370, fehlerhaftes Modul Indiv01.key, Version 11.0.6000.7000, Zeitstempel 0x474f7f87, Ausnahmecode 0xc0000005, Fehleroffset 0x000ac993, Prozess-ID 0xf50, Anwendungsstartzeit 01cd9993add4e898. 
Error - 23.09.2012 10:01:06 | Computer Name = Francescos-PC | Source = Windows Search Service | ID = 3013 Description = Error - 23.09.2012 23:20:51 | Computer Name = Francescos-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wmpnetwk.exe, Version 11.0.6001.7000, Zeitstempel 0x47919370, fehlerhaftes Modul Indiv01.key, Version 11.0.6000.7000, Zeitstempel 0x474f7f87, Ausnahmecode 0xc0000005, Fehleroffset 0x000ab0db, Prozess-ID 0x410, Anwendungsstartzeit 01cd9a0393b59906. Error - 23.09.2012 23:21:29 | Computer Name = Francescos-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wmpnetwk.exe, Version 11.0.6001.7000, Zeitstempel 0x47919370, fehlerhaftes Modul Indiv01.key, Version 11.0.6000.7000, Zeitstempel 0x474f7f87, Ausnahmecode 0xc0000005, Fehleroffset 0x000ab88a, Prozess-ID 0xd8c, Anwendungsstartzeit 01cd9a03af8b50b8. Error - 23.09.2012 23:22:02 | Computer Name = Francescos-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wmpnetwk.exe, Version 11.0.6001.7000, Zeitstempel 0x47919370, fehlerhaftes Modul Indiv01.key, Version 11.0.6000.7000, Zeitstempel 0x474f7f87, Ausnahmecode 0xc0000005, Fehleroffset 0x000b0925, Prozess-ID 0x4f4, Anwendungsstartzeit 01cd9a03c3cbb84e. Error - 24.09.2012 07:44:49 | Computer Name = Francescos-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung moviemk.exe, Version 6.0.6002.18273, Zeitstempel 0x4c1a4a61, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x057bb5ed, Prozess-ID 0x434, Anwendungsstartzeit 01cd9a49f3c34244. 
Error - 25.09.2012 03:56:30 | Computer Name = Francescos-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung WINWORD.EXE, Version 12.0.6661.5000, Zeitstempel 0x4f7cd9da, fehlerhaftes Modul wwlib.dll, Version 12.0.6661.5000, Zeitstempel 0x4f7cdad7, Ausnahmecode 0xc0000005, Fehleroffset 0x00be8501, Prozess-ID 0x734, Anwendungsstartzeit 01cd9accf246c9c6. [ Media Center Events ] Error - 17.08.2008 15:34:41 | Computer Name = Francescos-PC | Source = MCUpdate | ID = 0 Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'. [ OSession Events ] Error - 22.10.2008 11:28:46 | Computer Name = Francescos-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 326 seconds with 120 seconds of active time. This session ended with a crash. Error - 18.02.2009 12:27:48 | Computer Name = Francescos-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 339 seconds with 240 seconds of active time. This session ended with a crash. Error - 03.03.2009 02:50:45 | Computer Name = Francescos-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1018 seconds with 240 seconds of active time. This session ended with a crash. Error - 08.07.2009 14:40:51 | Computer Name = Francescos-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 188864 seconds with 480 seconds of active time. This session ended with a crash. Error - 21.10.2009 03:28:04 | Computer Name = Francescos-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash. Error - 12.02.2010 15:59:53 | Computer Name = Francescos-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6415.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. Error - 12.08.2010 16:05:40 | Computer Name = Francescos-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 20, Application Name: Microsoft Expression Web, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 3706 seconds with 2760 seconds of active time. This session ended with a crash. Error - 08.03.2011 06:39:47 | Computer Name = Francescos-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash. Error - 20.01.2012 11:32:05 | Computer Name = Francescos-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13387 seconds with 300 seconds of active time. This session ended with a crash. 
Error - 21.04.2012 18:31:30 | Computer Name = Francescos-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 206881 seconds with 5280 seconds of active time. This session ended with a crash. [ System Events ] Error - 23.09.2012 23:19:39 | Computer Name = Francescos-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.09.2012 23:19:39 | Computer Name = Francescos-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.09.2012 23:19:39 | Computer Name = Francescos-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.09.2012 23:19:39 | Computer Name = Francescos-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.09.2012 23:19:39 | Computer Name = Francescos-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.09.2012 23:19:39 | Computer Name = Francescos-PC | Source = Service Control Manager | ID = 7026 Description = Error - 23.09.2012 23:19:39 | Computer Name = Francescos-PC | Source = Service Control Manager | ID = 7023 Description = Error - 23.09.2012 23:20:58 | Computer Name = Francescos-PC | Source = Service Control Manager | ID = 7031 Description = Error - 23.09.2012 23:21:32 | Computer Name = Francescos-PC | Source = Service Control Manager | ID = 7031 Description = Error - 23.09.2012 23:22:06 | Computer Name = Francescos-PC | Source = Service Control Manager | ID = 7034 Description = < End of report > [/code] |
26.09.2012, 15:24 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | USB virus (on Vista Parallels): shortcuts instead of normal folders
Code:
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.18 116.228.111.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FF7C41C-6405-4A23-A055-6294675E070E}: DhcpNameServer = 180.168.255.18 116.228.111.118

Company computers are actually not cleaned here.
See => http://www.trojaner-board.de/108422-...-anfragen.html
Quote:
__________________
Please always post log files in CODE tags |