| |
| |||||||
Log-Analyse und Auswertung: TR/spy.729600.4 im sec taktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.09.2010, 13:21
| #1 |
 |  TR/spy.729600.4 im sec takt Hallo liebe Forengemeinde Da ich sogut wie keine Ahnung von Pcs habe, wurde mir vom Kumpel nahegelegt mich an euch zu wenden. Habe folgendes problem Habe mir beim streamen nen virus eingefangen und dummerweise ueber diesen Virus nen antivirenprogramm runtergeladen,da avira antivir diesen nicht deleted (Antivirusguard welches vor systemstart laed) Liess darauf hin Spybot und Avira nach einander laufen bis sie nichts mehr fanden. Nachdem ich irgendwann auf die Idee kam (Antivirusguard) beim systemstart mit dem taskmanager zu beenden fand avira noch folgende viren Virusname Filename TR/spy.729600.4 dlo20.dll.bak findet Avira im sec takt TR/gendal.652288.1 sjaipk[1].htm TR/PSW.ldpinch.apww vvgkfy[1].htm TR/PSW.ldpinch.apww vvgkfy[1].htm TR/PSW.ldpinch.apxc jjdlsnvtov[1].htm TR/Gendal.652288.1 sjaipk[1].htm Da ich wie oben schon gesagt hab nicht wirklich ahung von pcs habe waere ich dankbar wenn man mir den Loesungsweg so einfach wie moeglich erklaert danke schonmal im vorraus greets Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:27:28, on 28.09.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\PLFSetI.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\WebCam\M3000\M3000Mnt.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Acer\Acer VCM\RS_Service.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\xxx\My Documents\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph10094425l0314wu55w57j2397s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - c:\windows\system32\dlo20.dll (file missing) O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\xxx\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 7615 bytes |
|
28.09.2010, 19:35
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/spy.729600.4 im sec takt Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
28.09.2010, 20:14
| #3 |
| | TR/spy.729600.4 im sec takt Danke hier schonmal die OTL logs
__________________lasse Malwarebytes nochmal durchlaufen Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4712 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 28.09.2010 22:03:30 mbam-log-2010-09-28 (22-03-30).txt Scan type: Full scan (C:\|) Objects scanned: 190462 Time elapsed: 1 hour(s), 4 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Geändert von crazynotion (28.09.2010 um 21:04 Uhr) Grund: edit |
|
28.09.2010, 20:22
| #4 |
| | TR/spy.729600.4 im sec takt extras von otl OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.09.2010 19:24:29 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Wandi\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 428,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 13,25 Gb Free Space | 9,53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KUNDI
Current User Name: Wandi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14
"{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14
"{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14
"{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14
"{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14
"{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14
"{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14
"{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14
"{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14
"{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14
"{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14
"{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14
"{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14
"{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14
"{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14
"{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14
"{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EAGLE 5.10.0" = EAGLE 5.10.0
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube Download_is1" = Free YouTube Download 2.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview)
"Plus500" = Plus500
"PSpice Student" = PSpice Student 9.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0d73f840.
Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 2022037742.
Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.
Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.
Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0e6bf470.
Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 1991869855.
Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490
Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002
Description = Hanging application peerblock.exe, version 1.0.0.181, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04daf540.
[ System Events ]
Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with
the following error: %%5
Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).
Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Raw Socket Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
< End of report >
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet  isabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet isabled:@xpsp2res.dll,-22008========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181) "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14 "{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14 "{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14 "{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14 "{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14 "{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14 "{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14 "{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14 "{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14 "{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14 "{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14 "{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14 "{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14 "{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14 "{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14 "{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14 "{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14 "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bwin Poker_is1" = bwin Poker "CCleaner" = CCleaner "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EAGLE 5.10.0" = EAGLE 5.10.0 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview) "Plus500" = Plus500 "PSpice Student" = PSpice Student 9.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.1.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0d73f840. Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 2022037742. Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 223121472. Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0e6bf470. Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 1991869855. Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490 Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002 Description = Hanging application peerblock.exe, version 1.0.0.181, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x04daf540. [ System Events ] Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with the following error: %%5 Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. < End of report > ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet isabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet isabled:@xpsp2res.dll,-22008========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181) "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14 "{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14 "{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14 "{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14 "{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14 "{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14 "{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14 "{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14 "{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14 "{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14 "{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14 "{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14 "{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14 "{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14 "{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14 "{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14 "{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14 "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bwin Poker_is1" = bwin Poker "CCleaner" = CCleaner "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EAGLE 5.10.0" = EAGLE 5.10.0 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview) "Plus500" = Plus500 "PSpice Student" = PSpice Student 9.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.1.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0d73f840. Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 2022037742. Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 223121472. Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0e6bf470. Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 1991869855. Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490 Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002 Description = Hanging application peerblock.exe, version 1.0.0.181, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x04daf540. [ System Events ] Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with the following error: %%5 Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. < End of report > ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet isabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet isabled:@xpsp2res.dll,-22008========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181) "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14 "{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14 "{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14 "{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14 "{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14 "{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14 "{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14 "{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14 "{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14 "{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14 "{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14 "{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14 "{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14 "{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14 "{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14 "{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14 "{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14 "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bwin Poker_is1" = bwin Poker "CCleaner" = CCleaner "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EAGLE 5.10.0" = EAGLE 5.10.0 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview) "Plus500" = Plus500 "PSpice Student" = PSpice Student 9.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.1.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0d73f840. Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 2022037742. Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 223121472. Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0e6bf470. Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 1991869855. Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490 Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002 Description = Hanging application peerblock.exe, version 1.0.0.181, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x04daf540. [ System Events ] Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with the following error: %%5 Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. < End of report > ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet isabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet isabled:@xpsp2res.dll,-22008========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181) "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14 "{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14 "{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14 "{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14 "{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14 "{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14 "{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14 "{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14 "{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14 "{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14 "{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14 "{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14 "{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14 "{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14 "{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14 "{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14 "{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14 "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bwin Poker_is1" = bwin Poker "CCleaner" = CCleaner "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EAGLE 5.10.0" = EAGLE 5.10.0 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview) "Plus500" = Plus500 "PSpice Student" = PSpice Student 9.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.1.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.09.2010 06:10:26 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0d73f840. Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 2022037742. Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 223121472. Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0e6bf470. Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 1991869855. Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490 Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002 Description = Hanging application peerblock.exe, version 1.0.0.181, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x04daf540. [ System Events ] Error - 27.09.2010 07:38:09 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 05:03:38 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 06:16:11 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7023 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service terminated with the following error: %%5 Error - 28.09.2010 08:01:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:40:47 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. < End of report > [/quote] |
|
28.09.2010, 20:41
| #5 |
| | TR/spy.729600.4 im sec takt 1ster teil vom OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 28.09.2010 19:24:29 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Wandi\Desktop\MFTools Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 428,00 Mb Available Physical Memory | 42,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 139,04 Gb Total Space | 13,25 Gb Free Space | 9,53% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KUNDI Current User Name: Wandi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe () PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\WINDOWS\PLFSetI.exe () PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation) SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll () ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys () DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\rtsustor.sys (Realtek Semiconductor Corp.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (gigvsugc) -- C:\WINDOWS\system32\drivers\gigvsugc.sys (Microsoft Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph10094425l0314wu55w57j2397s IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://georgk86.nl/forum/index.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 18:45:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 18:45:53 | 000,000,000 | ---D | M] [2010.01.10 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Extensions [2010.09.28 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions [2010.04.27 18:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.22 09:54:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.22 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.19 14:15:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.19 14:15:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.28 11:45:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin-1.xml [2010.06.23 16:59:38 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin.xml [2010.02.14 13:20:31 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\wikipedia-en.xml [2010.04.15 13:09:41 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\youtube.xml [2010.01.10 17:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.14 14:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.14 14:27:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.14 14:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.14 14:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.14 14:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [M3000Mnt] File not found O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe () O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - Unable to read "AutoRun" value or value not present! O32 - AutoRun File - [2009.07.28 04:32:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\WINDOWS\Dhysya.exe [2010.09.28 19:20:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wandi\Recent [2010.09.28 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes [2010.09.28 17:53:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.28 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.28 17:53:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.28 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.28 17:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\MFTools [2010.09.27 10:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010.09.27 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010.09.27 10:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010.09.25 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle [2010.09.24 19:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\PokerStrategy.com [2010.09.24 19:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com [2010.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStrategy.com [2010.09.24 19:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations [2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help [2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Help [2010.09.22 18:24:40 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll [2010.09.22 18:24:39 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll [2010.09.22 18:24:39 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll [2010.09.22 18:24:39 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX [2010.09.22 18:24:39 | 000,121,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll [2010.09.22 18:24:39 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll [2010.09.22 18:24:39 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll [2010.09.22 18:24:39 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2ctdao.dll [2010.09.22 18:24:39 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll [2010.09.22 18:24:38 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn60n.dll [2010.09.22 18:24:37 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crpe32.dll [2010.09.22 18:24:37 | 000,416,768 | ---- | C] (Seagate Software) -- C:\WINDOWS\System32\cpeaut32.dll [2010.09.22 18:24:37 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll [2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo [2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal [2010.09.22 18:23:37 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2010.09.22 18:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\New Folder (2) [2010.09.22 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\eagle [2010.09.22 17:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.10.0 [2010.09.22 17:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.09.22 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2010.09.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.09.22 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\System [2010.09.22 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit [2010.09.22 09:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB [2010.09.22 09:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 09:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\DVDVideoSoft [2010.09.22 09:53:42 | 002,091,632 | ---- | C] (DVDVideoSoft Limited.) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload.exe [2010.09.22 09:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2010.09.22 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2010.09.22 09:52:11 | 012,692,880 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup [2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup [2010.09.21 20:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\CtfmonRemoverDE-v2.3 [2010.09.21 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock [2010.09.21 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009.07.28 05:14:36 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll [2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 17:56:03 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys [2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.28 17:53:12 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.28 17:52:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 11:59:28 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 11:58:45 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.27 13:34:01 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.09.24 19:46:17 | 001,452,371 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:19:14 | 001,471,511 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 15:56:49 | 000,495,908 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:23 | 005,290,891 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 18:24:44 | 000,006,603 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.22 18:24:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll [2010.09.22 18:24:38 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll [2010.09.22 18:24:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll [2010.09.22 18:24:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll [2010.09.22 18:24:38 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll [2010.09.22 18:24:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll [2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll [2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll [2010.09.22 18:24:38 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll [2010.09.22 18:24:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll [2010.09.22 18:24:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll [2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll [2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll [2010.09.22 18:24:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll [2010.09.22 18:24:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll [2010.09.22 18:24:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll [2010.09.22 18:18:52 | 028,620,288 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG [2010.09.22 16:29:13 | 000,645,370 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.21 19:31:44 | 000,134,413 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:44 | 000,113,358 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:16:59 | 000,081,843 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:16:59 | 000,081,252 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:16:59 | 000,075,142 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:16:59 | 000,068,441 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.21 19:16:59 | 000,065,698 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:16:59 | 000,056,756 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.17 16:07:07 | 000,012,081 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.15 08:58:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.01.11 17:08:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys [2010.01.11 17:08:10 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2010.01.06 19:18:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat [2009.11.09 14:14:19 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat [2009.10.24 05:05:57 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll [2009.10.24 05:05:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini [2009.10.24 05:05:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll [2009.10.24 05:05:56 | 000,145,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys [2009.10.24 05:05:56 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini [2009.10.24 05:05:47 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini [2009.10.23 16:42:10 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.28 07:29:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.07.28 06:21:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll.bak [2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll [2009.07.28 04:35:51 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009.07.28 04:30:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dossec.dll ========== LOP Check ========== [2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi [2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321 [2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer [2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1 [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer [2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller [2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow [2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template [2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 < End of report > PRC - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe () PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\WINDOWS\PLFSetI.exe () PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation) MOD - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation) SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll () ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys () DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\rtsustor.sys (Realtek Semiconductor Corp.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (gigvsugc) -- C:\WINDOWS\system32\drivers\gigvsugc.sys (Microsoft Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph10094425l0314wu55w57j2397s IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://georgk86.nl/forum/index.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 18:45:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 18:45:53 | 000,000,000 | ---D | M] [2010.01.10 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Extensions [2010.09.28 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions [2010.04.27 18:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.22 09:54:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.22 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.19 14:15:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.19 14:15:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.28 11:45:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin-1.xml [2010.06.23 16:59:38 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin.xml [2010.02.14 13:20:31 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\wikipedia-en.xml [2010.04.15 13:09:41 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\youtube.xml [2010.01.10 17:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.14 14:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.14 14:27:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.14 14:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.14 14:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.14 14:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [M3000Mnt] File not found O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe () O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - Unable to read "AutoRun" value or value not present! O32 - AutoRun File - [2009.07.28 04:32:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.28 19:20:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wandi\Recent [2010.09.28 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes [2010.09.28 17:53:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.28 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.28 17:53:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.28 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.28 17:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\MFTools [2010.09.27 10:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010.09.27 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010.09.27 10:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010.09.25 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle [2010.09.24 19:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\PokerStrategy.com [2010.09.24 19:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com [2010.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStrategy.com [2010.09.24 19:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations [2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help [2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Help [2010.09.22 18:24:40 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll [2010.09.22 18:24:39 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll [2010.09.22 18:24:39 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll [2010.09.22 18:24:39 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX [2010.09.22 18:24:39 | 000,121,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll [2010.09.22 18:24:39 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll [2010.09.22 18:24:39 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll [2010.09.22 18:24:39 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2ctdao.dll [2010.09.22 18:24:39 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll [2010.09.22 18:24:38 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn60n.dll [2010.09.22 18:24:37 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crpe32.dll [2010.09.22 18:24:37 | 000,416,768 | ---- | C] (Seagate Software) -- C:\WINDOWS\System32\cpeaut32.dll [2010.09.22 18:24:37 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll [2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo [2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal [2010.09.22 18:23:37 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2010.09.22 18:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\New Folder (2) [2010.09.22 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\eagle [2010.09.22 17:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.10.0 [2010.09.22 17:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.09.22 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2010.09.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.09.22 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\System [2010.09.22 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit [2010.09.22 09:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB [2010.09.22 09:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 09:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\DVDVideoSoft [2010.09.22 09:53:42 | 002,091,632 | ---- | C] (DVDVideoSoft Limited.) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload.exe [2010.09.22 09:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2010.09.22 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2010.09.22 09:52:11 | 012,692,880 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup [2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup [2010.09.21 20:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\CtfmonRemoverDE-v2.3 [2010.09.21 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock [2010.09.21 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009.07.28 05:14:36 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll [2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 17:56:03 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys [2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] [/code] Geändert von crazynotion (28.09.2010 um 20:57 Uhr) |
|
28.09.2010, 20:57
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/spy.729600.4 im sec takt Was ist mit malwarebytes? Ich hab nicht geschrieben, dass die Reihenfolge beliebig ist. Eigentlich erst MBAM, dann OTL!
__________________ --> TR/spy.729600.4 im sec takt |
|
28.09.2010, 20:58
| #7 |
| | TR/spy.729600.4 im sec takt ========== Files Created - No Company Name ========== [2010.09.28 17:53:12 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.28 17:52:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 11:59:28 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 11:58:45 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.27 13:34:01 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.09.24 19:46:17 | 001,452,371 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:19:14 | 001,471,511 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 15:56:49 | 000,495,908 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:23 | 005,290,891 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 18:24:44 | 000,006,603 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.22 18:24:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll [2010.09.22 18:24:38 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll [2010.09.22 18:24:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll [2010.09.22 18:24:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll [2010.09.22 18:24:38 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll [2010.09.22 18:24:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll [2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll [2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll [2010.09.22 18:24:38 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll [2010.09.22 18:24:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll [2010.09.22 18:24:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll [2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll [2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll [2010.09.22 18:24:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll [2010.09.22 18:24:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll [2010.09.22 18:24:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll [2010.09.22 18:18:52 | 028,620,288 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG [2010.09.22 16:29:13 | 000,645,370 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.21 19:31:44 | 000,134,413 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:44 | 000,113,358 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:16:59 | 000,081,843 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:16:59 | 000,081,252 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:16:59 | 000,075,142 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:16:59 | 000,068,441 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.21 19:16:59 | 000,065,698 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:16:59 | 000,056,756 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.17 16:07:07 | 000,012,081 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.15 08:58:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.01.11 17:08:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys [2010.01.11 17:08:10 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2010.01.06 19:18:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat [2009.11.09 14:14:19 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat [2009.10.24 05:05:57 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll [2009.10.24 05:05:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini [2009.10.24 05:05:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll [2009.10.24 05:05:56 | 000,145,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys [2009.10.24 05:05:56 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini [2009.10.24 05:05:47 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini [2009.10.23 16:42:10 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.28 07:29:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.07.28 06:21:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll.bak [2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll [2009.07.28 04:35:51 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009.07.28 04:30:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dossec.dll ========== LOP Check ========== [2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi [2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321 [2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer [2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1 [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer [2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller [2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow [2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template [2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 < End of report > PRC - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\WINDOWS\WebCam\M3000\M3000Mnt.exe () PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\WINDOWS\PLFSetI.exe () PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation) MOD - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation) SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll () ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys () DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\rtsustor.sys (Realtek Semiconductor Corp.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (gigvsugc) -- C:\WINDOWS\system32\drivers\gigvsugc.sys (Microsoft Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://georgk86.nl/forum/index.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 18:45:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 18:45:53 | 000,000,000 | ---D | M] [2010.01.10 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Extensions [2010.09.28 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions [2010.04.27 18:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.22 09:54:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.22 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.19 14:15:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.19 14:15:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.28 11:45:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin-1.xml [2010.06.23 16:59:38 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin.xml [2010.02.14 13:20:31 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\wikipedia-en.xml [2010.04.15 13:09:41 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\youtube.xml [2010.01.10 17:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.14 14:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.14 14:27:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.14 14:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.14 14:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.14 14:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [M3000Mnt] File not found O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe () O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - Unable to read "AutoRun" value or value not present! O32 - AutoRun File - [2009.07.28 04:32:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.28 19:20:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wandi\Recent [2010.09.28 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes [2010.09.28 17:53:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.28 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.28 17:53:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.28 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.28 17:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\MFTools [2010.09.27 10:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010.09.27 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010.09.27 10:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010.09.25 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle [2010.09.24 19:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\PokerStrategy.com [2010.09.24 19:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com [2010.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStrategy.com [2010.09.24 19:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations [2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help [2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Help [2010.09.22 18:24:40 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll [2010.09.22 18:24:39 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll [2010.09.22 18:24:39 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll [2010.09.22 18:24:39 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX [2010.09.22 18:24:39 | 000,121,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll [2010.09.22 18:24:39 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll [2010.09.22 18:24:39 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll [2010.09.22 18:24:39 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2ctdao.dll [2010.09.22 18:24:39 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll [2010.09.22 18:24:38 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn60n.dll [2010.09.22 18:24:37 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crpe32.dll [2010.09.22 18:24:37 | 000,416,768 | ---- | C] (Seagate Software) -- C:\WINDOWS\System32\cpeaut32.dll [2010.09.22 18:24:37 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll [2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo [2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal [2010.09.22 18:23:37 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2010.09.22 18:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\New Folder (2) [2010.09.22 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\eagle [2010.09.22 17:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.10.0 [2010.09.22 17:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.09.22 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2010.09.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.09.22 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\System [2010.09.22 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit [2010.09.22 09:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB [2010.09.22 09:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 09:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\DVDVideoSoft [2010.09.22 09:53:42 | 002,091,632 | ---- | C] (DVDVideoSoft Limited.) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload.exe [2010.09.22 09:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2010.09.22 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2010.09.22 09:52:11 | 012,692,880 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup [2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup [2010.09.21 20:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\CtfmonRemoverDE-v2.3 [2010.09.21 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock [2010.09.21 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009.07.28 05:14:36 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll [2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 17:56:03 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys [2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.28 17:53:12 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.28 17:52:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 11:59:28 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 11:58:45 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.27 13:34:01 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.09.24 19:46:17 | 001,452,371 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:19:14 | 001,471,511 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 15:56:49 | 000,495,908 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:23 | 005,290,891 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 18:24:44 | 000,006,603 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.22 18:24:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll [2010.09.22 18:24:38 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll [2010.09.22 18:24:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll [2010.09.22 18:24:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll [2010.09.22 18:24:38 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll [2010.09.22 18:24:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll [2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll [2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll [2010.09.22 18:24:38 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll [2010.09.22 18:24:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll [2010.09.22 18:24:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll [2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll [2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll [2010.09.22 18:24:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll [2010.09.22 18:24:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll [2010.09.22 18:24:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll [2010.09.22 18:18:52 | 028,620,288 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG [2010.09.22 16:29:13 | 000,645,370 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.21 19:31:44 | 000,134,413 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:44 | 000,113,358 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:16:59 | 000,081,843 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:16:59 | 000,081,252 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:16:59 | 000,075,142 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:16:59 | 000,068,441 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.21 19:16:59 | 000,065,698 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:16:59 | 000,056,756 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.17 16:07:07 | 000,012,081 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.15 08:58:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.01.11 17:08:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys [2010.01.11 17:08:10 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2010.01.06 19:18:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat [2009.11.09 14:14:19 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat [2009.10.24 05:05:57 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll [2009.10.24 05:05:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini [2009.10.24 05:05:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll [2009.10.24 05:05:56 | 000,145,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys [2009.10.24 05:05:56 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini [2009.10.24 05:05:47 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini [2009.10.23 16:42:10 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.28 07:29:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.07.28 06:21:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll.bak [2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll [2009.07.28 04:35:51 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009.07.28 04:30:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dossec.dll ========== LOP Check ========== [2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi [2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321 [2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer [2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1 [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer [2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller [2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow [2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template [2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 < End of report > [2010.09.28 19:45:28 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Wandi\ntuser.dat.LOG [2010.09.28 19:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Skype [2010.09.28 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010.09.28 19:20:54 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Recent [2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 17:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 17:53:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Application Data [2010.09.28 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes [2010.09.28 17:53:15 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop [2010.09.28 17:53:05 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2010.09.28 17:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.28 17:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Desktop [2010.09.28 17:40:58 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 17:40:47 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 14:11:09 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG [2010.09.28 12:21:48 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner [2010.09.28 12:15:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Cookies [2010.09.28 11:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.09.27 10:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010.09.27 10:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010.09.27 10:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.26 09:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2 [2010.09.25 21:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle [2010.09.25 12:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Tracing [2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2010.09.24 19:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com [2010.09.24 19:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStrategy.com [2010.09.24 19:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 19:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\dvdcss [2010.09.24 19:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 17:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB [2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help [2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Help [2010.09.22 18:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\OrCAD_Demo [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 18:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\EAGLE-5.10.0 [2010.09.22 17:58:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\My Documents [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:39:03 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 16:17:18 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoftTB [2010.09.22 16:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.09.22 14:28:03 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\Start Menu [2010.09.22 10:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Free M4a to MP3 Converter [2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:53:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DVDVideoSoft [2010.09.22 09:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2010.09.22 09:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.16 18:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.09.11 16:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\skypePM [2010.09.06 17:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2010.08.31 09:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent [2010.08.31 04:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft [2010.08.31 04:34:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Application Data\Microsoft [2010.03.25 11:00:35 | 000,093,064 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010.03.20 01:38:55 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2010.03.20 01:38:50 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys [2010.01.06 19:23:50 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat [2009.11.09 14:14:19 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat [2009.10.27 22:14:56 | 004,843,300 | -H-- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\IconCache.db [2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Wandi\Application Data\desktop.ini [2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 17:56:03 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys [2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== LOP Check ========== [2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi [2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321 [2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer [2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1 [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer [2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller [2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow [2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template [2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 < End of report > [2010.09.28 19:49:37 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Wandi\ntuser.dat.LOG [2010.09.28 19:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Skype [2010.09.28 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010.09.28 19:20:54 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Recent [2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 17:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 17:53:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Application Data [2010.09.28 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes [2010.09.28 17:53:15 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop [2010.09.28 17:53:05 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2010.09.28 17:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.28 17:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Desktop [2010.09.28 17:40:58 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 17:40:47 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 14:11:09 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG [2010.09.28 12:21:48 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner [2010.09.28 12:15:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Cookies [2010.09.28 11:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.09.27 10:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010.09.27 10:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010.09.27 10:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.26 09:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2 [2010.09.25 21:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle [2010.09.25 12:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Tracing [2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2010.09.24 19:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com [2010.09.24 19:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStrategy.com [2010.09.24 19:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 19:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\dvdcss [2010.09.24 19:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 17:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB [2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help [2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Help [2010.09.22 18:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\OrCAD_Demo [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 18:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\EAGLE-5.10.0 [2010.09.22 17:58:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\My Documents [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:39:03 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 16:17:18 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoftTB [2010.09.22 16:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.09.22 14:28:03 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\Start Menu [2010.09.22 10:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Free M4a to MP3 Converter [2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:53:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DVDVideoSoft [2010.09.22 09:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2010.09.22 09:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.16 18:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.09.11 16:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\skypePM [2010.09.06 17:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2010.08.31 09:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent [2010.08.31 04:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft [2010.08.31 04:34:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Application Data\Microsoft [2010.03.25 11:00:35 | 000,093,064 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010.03.20 01:38:55 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2010.03.20 01:38:50 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys [2010.01.06 19:23:50 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat [2009.11.09 14:14:19 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat [2009.10.27 22:14:56 | 004,843,300 | -H-- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\IconCache.db [2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Wandi\Application Data\desktop.ini [2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 19:09:33 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 19:09:33 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 19:09:33 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 19:05:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 17:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 17:56:03 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys [2010.09.28 17:55:17 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 17:55:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 16:29:24 | 000,006,603 | ---- | M] () -- C:\WINDOWS\PSPICEEV.INI [2010.09.23 15:56:49 | 000,495,908 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip [2010.09.23 15:56:35 | 005,290,891 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== LOP Check ========== [2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi [2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321 [2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer [2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1 [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer [2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller [2010.09.25 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\PriceGong [2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow [2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template [2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer [2010.09.28 17:57:16 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 < End of report > |
|
28.09.2010, 21:11
| #8 |
| | TR/spy.729600.4 im sec takt hier ist der erste log vom maleware sry wegen der unubersichtlichkeit weiss nicht wie ich das wegbekomme vllt waere es gut wenn nen admin meine beitraege editiert greets Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4712 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 28.09.2010 18:59:44 mbam-log-2010-09-28 (18-59-44).txt Scan type: Full scan (C:\|) Objects scanned: 189870 Time elapsed: 1 hour(s), 0 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
|
28.09.2010, 21:42
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/spy.729600.4 im sec takt Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll ()
O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll ()
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[2010.09.22 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\PriceGong
[2010.09.23 15:56:49 | 000,495,908 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_v9.zip
[2010.09.23 15:56:23 | 005,290,891 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\0273694243_csf_multisim.zip
[2010.09.22 18:24:44 | 000,006,603 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2010.09.22 18:24:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2010.09.22 18:24:38 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2010.09.22 18:24:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2010.09.22 18:24:38 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2010.09.22 18:24:38 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2010.09.22 18:24:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2010.09.22 18:24:38 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2010.09.22 18:24:38 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2010.09.22 18:24:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2010.09.22 18:24:38 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2010.09.22 18:24:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2010.09.22 18:24:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2010.09.22 18:24:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2010.09.22 18:24:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2010.01.04 16:56:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.29 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\2FE3C73E8A6EF87BC87529BEE60EA321
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.09.2010, 22:49
| #11 |
| | TR/spy.729600.4 im sec takt OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.09.2010 23:30:08 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Wandi\Desktop\MFTools Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 513,00 Mb Available Physical Memory | 51,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 139,04 Gb Total Space | 13,31 Gb Free Space | 9,57% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KUNDI Current User Name: Wandi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\WINDOWS\system32\OSPPSVC.EXE (Microsoft Corporation) SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (usfwvyrf) -- C:\WINDOWS\System32\dlo20.dll () ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys File not found DRV - (Rts516xIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (M3000Srv) -- C:\WINDOWS\system32\drivers\M3000KNT.sys () DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\rtsustor.sys (Realtek Semiconductor Corp.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (gigvsugc) -- C:\WINDOWS\system32\drivers\gigvsugc.sys (Microsoft Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph10094425l0314wu55w57j2397s IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://georgk86.nl/forum/index.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.28 20:45:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 18:45:53 | 000,000,000 | ---D | M] [2010.01.10 17:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Extensions [2010.09.28 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions [2010.04.27 18:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.22 09:54:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.22 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.19 14:15:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.19 14:15:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.28 11:45:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin-1.xml [2010.06.23 16:59:38 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\icqplugin.xml [2010.02.14 13:20:31 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\wikipedia-en.xml [2010.04.15 13:09:41 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\Mozilla\Firefox\Profiles\kberp9we.default\searchplugins\youtube.xml [2010.01.10 17:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.14 14:27:26 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.14 14:27:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.14 14:27:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.14 14:27:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.14 14:27:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.28 23:25:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O2 - BHO: () - {B4BD1731-FC83-412B-91E0-A8ECADDD7F43} - C:\WINDOWS\System32\dlo20.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe () O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Wandi\Desktop\MFTools\OTL.exe (OldTimer Tools) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - Unable to read "AutoRun" value or value not present! O32 - AutoRun File - [2009.07.28 04:32:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.28 23:24:47 | 000,000,000 | ---D | C] -- C:\_OTL [2010.09.28 19:20:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wandi\Recent [2010.09.28 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes [2010.09.28 17:53:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.28 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.28 17:53:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.28 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.28 17:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\MFTools [2010.09.27 10:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010.09.27 10:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010.09.27 10:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010.09.26 09:12:33 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010.09.26 09:11:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010.09.25 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle [2010.09.24 19:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\PokerStrategy.com [2010.09.24 19:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com [2010.09.24 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStrategy.com [2010.09.24 19:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations [2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help [2010.09.22 19:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\Help [2010.09.22 18:24:40 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll [2010.09.22 18:24:39 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll [2010.09.22 18:24:39 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll [2010.09.22 18:24:39 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX [2010.09.22 18:24:39 | 000,121,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll [2010.09.22 18:24:39 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll [2010.09.22 18:24:39 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll [2010.09.22 18:24:39 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2ctdao.dll [2010.09.22 18:24:39 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll [2010.09.22 18:24:38 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn60n.dll [2010.09.22 18:24:37 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crpe32.dll [2010.09.22 18:24:37 | 000,416,768 | ---- | C] (Seagate Software) -- C:\WINDOWS\System32\cpeaut32.dll [2010.09.22 18:24:37 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll [2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo [2010.09.22 18:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal [2010.09.22 18:23:37 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2010.09.22 18:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\New Folder (2) [2010.09.22 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\eagle [2010.09.22 17:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-5.10.0 [2010.09.22 17:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.09.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.09.22 14:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\System [2010.09.22 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.09.22 09:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit [2010.09.22 09:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB [2010.09.22 09:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 09:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\My Documents\DVDVideoSoft [2010.09.22 09:53:42 | 002,091,632 | ---- | C] (DVDVideoSoft Limited.) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload.exe [2010.09.22 09:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2010.09.22 09:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2010.09.22 09:52:11 | 012,692,880 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ctfmon.exe.backup [2010.09.21 20:32:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe.backup [2010.09.21 20:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wandi\Desktop\CtfmonRemoverDE-v2.3 [2010.09.21 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock [2010.09.21 19:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009.07.28 05:14:36 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll [2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 23:32:11 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 23:32:11 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 23:32:11 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 23:27:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 23:27:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 23:27:04 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys [2010.09.28 23:26:25 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 23:26:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 23:25:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010.09.28 21:27:30 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\otl.7z [2010.09.28 21:27:00 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Desktop.7z [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.28 21:27:30 | 000,014,065 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\otl.7z [2010.09.28 21:27:00 | 000,014,065 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Desktop.7z [2010.09.28 17:53:12 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.28 17:52:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 11:59:28 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 11:58:45 | 000,002,928 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.27 13:34:01 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.09.24 19:46:17 | 001,452,371 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:19:14 | 001,471,511 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.22 18:18:52 | 028,620,288 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG [2010.09.22 16:29:13 | 000,645,370 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.21 19:31:44 | 000,134,413 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:44 | 000,113,358 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:16:59 | 000,081,843 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:16:59 | 000,081,252 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:16:59 | 000,075,142 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:16:59 | 000,068,441 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.21 19:16:59 | 000,065,698 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:16:59 | 000,056,756 | ---- | C] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.17 16:07:07 | 000,012,081 | ---- | C] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.15 08:58:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.01.11 17:08:11 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys [2010.01.11 17:08:10 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2010.01.06 19:18:19 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat [2009.11.09 14:14:19 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat [2009.10.24 05:05:57 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll [2009.10.24 05:05:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini [2009.10.24 05:05:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll [2009.10.24 05:05:56 | 000,145,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys [2009.10.24 05:05:56 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini [2009.10.24 05:05:47 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini [2009.10.23 16:42:10 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.28 07:29:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.07.28 06:21:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll.bak [2009.07.28 05:14:12 | 000,729,600 | ---- | C] () -- C:\WINDOWS\System32\dlo20.dll [2009.07.28 04:35:51 | 000,007,003 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009.07.28 04:30:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dossec.dll ========== LOP Check ========== [2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi [2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer [2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1 [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer [2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller [2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow [2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template [2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer [2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job ========== Purity Check ========== < End of report > [2010.09.28 23:38:36 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Wandi\ntuser.dat.LOG [2010.09.28 23:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Desktop [2010.09.28 23:32:11 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 23:32:11 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 23:32:11 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 23:27:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 23:27:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 23:26:25 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 23:26:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 23:25:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010.09.28 23:25:58 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Application Data [2010.09.28 23:25:58 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2010.09.28 23:24:40 | 000,002,510 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 23:24:29 | 000,002,928 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\B4BD1731-FC83-412B-91E0-A8ECADDD7F43.txt [2010.09.28 23:23:16 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock [2010.09.28 23:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Skype [2010.09.28 23:20:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Cookies [2010.09.28 22:59:03 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Wandi\Recent [2010.09.28 21:27:30 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\otl.7z [2010.09.28 21:27:00 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Desktop.7z [2010.09.28 20:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Tracing [2010.09.28 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010.09.28 17:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Malwarebytes [2010.09.28 17:53:15 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop [2010.09.28 17:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.28 14:11:09 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG [2010.09.28 12:21:48 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner [2010.09.28 11:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.09.27 10:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010.09.27 10:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010.09.27 10:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.26 09:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2 [2010.09.25 21:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle [2010.09.24 19:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\PokerStrategy.com [2010.09.24 19:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStrategy.com [2010.09.24 19:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Downloaded Installations [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 19:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\dvdcss [2010.09.24 19:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.23 17:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DVDVideoSoftTB [2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Help [2010.09.22 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Help [2010.09.22 18:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\OrCAD_Demo [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 18:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\EAGLE-5.10.0 [2010.09.22 17:58:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\My Documents [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:39:03 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT_tureg_new.LOG [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 16:17:18 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoftTB [2010.09.22 16:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Conduit [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.09.22 14:28:03 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Wandi\Start Menu [2010.09.22 10:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Free M4a to MP3 Converter [2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:53:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DVDVideoSoft [2010.09.22 09:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2010.09.22 09:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.16 18:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.09.11 16:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\skypePM [2010.09.06 17:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2010.08.31 09:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent [2010.08.31 04:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Local Settings\Application Data\Microsoft [2010.08.31 04:34:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Wandi\Application Data\Microsoft [2010.03.25 11:00:35 | 000,093,064 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010.03.20 01:38:55 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2010.03.20 01:38:50 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\A67807F7B8.sys [2010.01.06 19:23:50 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Wandi\Application Data\wklnhst.dat [2009.11.09 14:14:19 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\postgresinstall.bat [2009.10.27 22:14:56 | 004,843,300 | -H-- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\IconCache.db [2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Wandi\Application Data\desktop.ini [2009.07.27 21:27:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 23:32:11 | 000,594,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.09.28 23:32:11 | 000,497,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.09.28 23:32:11 | 000,085,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.09.28 23:27:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 23:27:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 23:27:04 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys [2010.09.28 23:26:25 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT [2010.09.28 23:26:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wandi\ntuser.ini [2010.09.28 23:25:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010.09.28 21:27:30 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\otl.7z [2010.09.28 21:27:00 | 000,014,065 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Desktop.7z [2010.09.28 17:53:12 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:52:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Gmer.zip [2010.09.28 17:52:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\defogger.exe [2010.09.27 13:34:01 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.26 21:34:03 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Wandi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 19:47:03 | 001,452,371 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0341.jpg [2010.09.24 17:20:05 | 001,471,511 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Foto0344.jpg [2010.09.22 18:21:06 | 028,620,288 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\91pspstu.exe [2010.09.22 16:39:03 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010.09.22 16:36:43 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Wandi\NTUSER.DAT_tureg_old [2010.09.22 16:29:13 | 000,645,370 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Electronica_tentamenbundel.pdf [2010.09.22 10:09:11 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Free M4a to MP3 Converter.lnk [2010.09.22 10:09:11 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\My Music Tools.lnk [2010.09.22 09:53:58 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.22 09:52:20 | 012,692,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\Wandi\Desktop\FreeYouTubeDownload_29.exe [2010.09.21 19:31:56 | 000,134,413 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 1.png [2010.09.21 19:31:56 | 000,113,358 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\cc cleaner einstellungen 2.png [2010.09.21 19:18:34 | 000,065,698 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Suche.jpg [2010.09.21 19:17:37 | 000,081,252 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Archive.jpg [2010.09.21 19:17:36 | 000,075,142 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Suche.jpg [2010.09.21 19:17:25 | 000,081,843 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Allgemeines - Erweiterte Gefahrenkategorien.jpg [2010.09.21 19:17:21 | 000,056,756 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Scanner - Heuristik.jpg [2010.09.21 19:17:20 | 000,068,441 | ---- | M] () -- C:\Documents and Settings\Wandi\My Documents\Einstellungen unter Guard - Heuristik.jpg [2010.09.17 17:24:15 | 000,012,081 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Arbeitstunden.xlsx [2010.09.17 16:19:49 | 000,042,873 | ---- | M] () -- C:\Documents and Settings\Wandi\Desktop\Verkauf.xlsx [2010.09.15 16:05:43 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010.09.15 08:58:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== LOP Check ========== [2009.07.28 07:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi [2010.04.27 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009.12.21 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010.01.04 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2009.07.28 07:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer [2009.07.28 06:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Acer GameZone Console [2010.09.22 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\CadSoft [2010.02.12 12:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1 [2010.09.22 09:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\DVDVideoSoftIEHelpers [2010.09.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\eSobi [2010.05.27 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\FinalMediaPlayer [2010.04.07 18:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\MSNInstaller [2009.07.28 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Super-Cow [2010.01.06 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Template [2010.01.04 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\TuneUp Software [2010.09.27 10:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\uTorrent [2010.08.25 02:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wandi\Application Data\Windows Live Writer [2010.09.28 23:29:23 | 000,000,566 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job ========== Purity Check ========== < End of report > |
|
28.09.2010, 22:50
| #12 |
| | TR/spy.729600.4 im sec takt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.09.2010 23:30:08 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Wandi\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 513,00 Mb Available Physical Memory | 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 13,31 Gb Free Space | 9,57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KUNDI
Current User Name: Wandi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14
"{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14
"{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14
"{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14
"{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14
"{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14
"{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14
"{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14
"{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14
"{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14
"{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14
"{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14
"{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14
"{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14
"{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14
"{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14
"{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EAGLE 5.10.0" = EAGLE 5.10.0
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube Download_is1" = Free YouTube Download 2.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview)
"Plus500" = Plus500
"PSpice Student" = PSpice Student 9.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 2022037742.
Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.
Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.
Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0e6bf470.
Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001
Description = Fault bucket 1991869855.
Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490
Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002
Description = Hanging application peerblock.exe, version 1.0.0.181, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04daf540.
Error - 28.09.2010 17:23:27 | Computer Name = KUNDI | Source = Application Hang | ID = 1002
Description = Hanging application peerblock.exe, version 1.0.0.181, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Raw Socket Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
Error - 28.09.2010 17:22:36 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting.
Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).
Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The Raw Socket Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 28.09.2010 17:29:06 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022
Description = The Terminal Server Device Redirector Helper service hung on starting.
< End of report >
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet isabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet isabled:@xpsp2res.dll,-22008========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181) "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{10140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14 "{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14 "{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14 "{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14 "{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14 "{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14 "{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14 "{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14 "{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14 "{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14 "{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14 "{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14 "{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14 "{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14 "{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14 "{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14 "{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14 "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bwin Poker_is1" = bwin Poker "CCleaner" = CCleaner "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EAGLE 5.10.0" = EAGLE 5.10.0 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube Download_is1" = Free YouTube Download 2.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview) "Plus500" = Plus500 "PSpice Student" = PSpice Student 9.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.1.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.09.2010 06:10:46 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 2022037742. Error - 28.09.2010 07:13:59 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 28.09.2010 07:14:50 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. Error - 28.09.2010 07:14:59 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 223121472. Error - 28.09.2010 08:35:37 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0e6bf470. Error - 28.09.2010 08:36:41 | Computer Name = KUNDI | Source = Application Error | ID = 1001 Description = Fault bucket 1991869855. Error - 28.09.2010 11:58:30 | Computer Name = KUNDI | Source = ESENT | ID = 490 Description = svchost (1728) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 28.09.2010 11:59:22 | Computer Name = KUNDI | Source = Application Hang | ID = 1002 Description = Hanging application peerblock.exe, version 1.0.0.181, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 28.09.2010 12:50:05 | Computer Name = KUNDI | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x04daf540. Error - 28.09.2010 17:23:27 | Computer Name = KUNDI | Source = Application Hang | ID = 1002 Description = Hanging application peerblock.exe, version 1.0.0.181, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 28.09.2010 11:54:03 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:54:04 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 11:58:22 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 17:22:36 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The i8042 Keyboard and PS/2 Mouse Port Helper service hung on starting. Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 17:24:48 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7034 Description = The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s). Error - 28.09.2010 17:29:06 | Computer Name = KUNDI | Source = Service Control Manager | ID = 7022 Description = The Terminal Server Device Redirector Helper service hung on starting. < End of report > |
|
29.09.2010, 09:05
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/spy.729600.4 im sec takt Du solltest den Fix mit OTL machen und nicht ein OTL.txt posten. Falsches Log?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.09.2010, 10:24
| #14 |
| | TR/spy.729600.4 im sec takt mhh also habe den text bei OTL eingefuegt und den fix gemacht aber da kam kein log darum habe ich otl nochmal laufen lasse greets |
|
29.09.2010, 10:38
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/spy.729600.4 im sec takt Mach den Fix bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/spy.729600.4 im sec takt |
| adobe, antivir guard, avg, avira, bho, browser, desktop, excel, explorer, file, firefox, hijack, hijackthis, internet, internet explorer, monitor, mozilla, object, programm, rundll, software, taskmanager, tr/spy., virus, virus eingefangen, windows, windows xp |
Linear-Darstellung
