
Log analysis and evaluation: C:\Windows\System32\rundll32.exe

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

31.10.2010, 14:41   #1
Ashdown
 
C:\Windows\System32\rundll32.exe - Question



Hello and good day.
I have been searching various forums and web posts for my error for a week now.

It is the following:
Whenever I try to click on, for example, Control Panel\Personalization\Display; Theme; Window Color and Appearance, this message appears: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
Another example is when I connect USB devices or want to change the date of my clock.
It seems to me as if my administrator permissions had been taken away.
Because a week ago I had a virus infection. I believe I was able to delete it, but the error message has remained.
I have already tried taking ownership and tried various guides, but nothing has helped. I am using Windows Vista Home Premium 32bit.

My log file:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:09, on 31.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conime.exe
C:\Users\***\Downloads\Load.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins7/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) -  - (no file)
F1 - win.ini: load=C:\Windows\SlAsH.bat 
F1 - win.ini: run=C:\Windows\SlAsH.bat 
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [U36VRSFLG6] C:\Users\Martin\AppData\Local\Temp\Pzl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12535 bytes
         
I hope someone can please help me.

31.10.2010, 14:51   #2
markusg
/// Malware-holic
 



OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labeled Output. Please select Minimal Output
2. Check "scan all users"
3. Under "Extra Registry", select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both


31.10.2010, 15:23   #3
Ashdown
 



Thanks for the quick reply.
I have run the scan.

First, the OTL.Txt report:
OTL Logfile:
Code:
OTL logfile created on: 31.10.2010 15:07:54 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): d:\pagefile.sys 4603 4603 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 13,07 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 68,96 Gb Free Space | 49,15% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 465,65 Gb Total Space | 201,87 Gb Free Space | 43,35% Space Free | Partition Type: FAT32
Drive R: | 1023,00 Mb Total Space | 1022,99 Mb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Martin\Desktop\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Users\Martin\Downloads\Load.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\Martin\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GGSAFERDriver) -- D:\Garena\plugins\UI\safedrv.sys File not found
DRV - (GarenaPEngine) -- C:\Users\Martin\AppData\Local\Temp\ZMW933C.tmp ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RRamdisk) -- C:\Windows\system32\DRIVERS\rramdisk.sys (gavotte)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: vd@bbmao.com:0.8.7
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.0.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.23 20:26:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 08:00:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 08:00:52 | 000,000,000 | ---D | M]
 
[2010.02.14 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2010.10.30 19:33:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions
[2010.06.09 18:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.16 09:01:19 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.08.08 16:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.14 18:57:21 | 000,000,000 | ---D | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010.10.14 18:57:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.14 13:40:40 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.10.14 18:57:24 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.09.10 16:12:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.14 13:42:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\vd@bbmao.com
[2010.08.06 10:42:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\youtube2mp3@mondayx.de
[2010.10.26 15:23:25 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin-1.xml
[2010.10.21 14:00:19 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin-2.xml
[2010.10.31 08:01:03 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin-3.xml
[2010.08.08 16:27:26 | 000,000,168 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin.gif
[2010.08.08 16:27:26 | 000,000,618 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin.src
[2010.09.14 13:57:01 | 000,000,945 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin.xml
[2010.02.27 20:36:30 | 000,002,061 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\qipsearch.xml
[2010.10.30 19:33:59 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.23 14:16:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2006.08.09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npWebLaunch.dll
[2010.07.27 16:45:34 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.27 16:45:34 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.27 16:45:34 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.07 09:00:52 | 000,001,208 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\search.xml
[2010.07.27 16:45:34 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.27 16:45:34 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3760374313-2429106835-967571473-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3760374313-2429106835-967571473-1000..\Run: [U36VRSFLG6] C:\Users\Martin\AppData\Local\Temp\Pzl.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 17:24:44 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.05.02 15:47:02 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O33 - MountPoints2\{4592283f-1723-11df-ab0a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4592283f-1723-11df-ab0a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2004.10.21 18:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{7f26d77f-18ca-11df-80db-cc4f4bf07bdd}\Shell - "" = AutoRun
O33 - MountPoints2\{7f26d77f-18ca-11df-80db-cc4f4bf07bdd}\Shell\AutoRun\command - "" = H:\Autorun.EXE -- File not found
O33 - MountPoints2\{fc502e94-4eff-11df-8f92-001e689d491f}\Shell - "" = AutoRun
O33 - MountPoints2\{fc502e94-4eff-11df-8f92-001e689d491f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.31 15:05:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2010.10.31 14:30:21 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Martin\Desktop\HiJackThis.exe
[2010.10.31 14:27:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.10.31 09:45:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2010.10.27 16:48:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rundll32 (2).exe
[2010.10.26 18:07:37 | 000,000,000 | ---D | C] -- C:\Programme\NT Registry Optimizer
[2010.10.25 18:27:46 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2010.10.25 18:27:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.25 18:27:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.25 18:27:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.25 18:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.25 18:03:44 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Martin\Desktop\spybotsd_1.6.2.46.exe
[2010.10.25 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\HPAppData
[2010.10.25 17:20:09 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Recolored
[2010.10.24 15:23:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Steinberg
[2010.10.24 15:23:38 | 001,324,544 | ---- | C] (AD) -- C:\Windows\System32\SYNSOAIR.DLL
[2010.10.24 15:23:38 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2010.10.24 15:23:38 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\Rex Shared Library.dll
[2010.10.24 15:22:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\VST3
[2010.10.24 15:22:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steinberg
[2010.10.19 20:35:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\ProgSense
[2010.10.19 20:35:14 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\GrabPro
[2010.10.19 20:35:10 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader
[2010.10.19 20:35:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Orbit
[2010.10.19 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Martin\rtmpdump-2.3
[2010.10.14 18:54:58 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.10.14 18:54:57 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.10.14 18:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.10.14 18:53:05 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.10.14 18:52:01 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.10.14 18:49:29 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.10.13 16:48:34 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 16:47:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 16:47:33 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 16:47:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 16:47:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 16:47:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.13 16:47:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.13 16:47:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.13 16:47:29 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 16:47:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 16:47:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 16:47:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.13 16:47:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.13 16:47:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.13 16:47:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.13 16:47:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.13 16:47:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.13 16:47:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.13 16:47:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.13 16:47:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.13 16:47:07 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 16:47:07 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 16:47:04 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 16:46:59 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 16:46:57 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\WePrint
[2010.10.13 16:46:49 | 000,000,000 | ---D | C] -- C:\Programme\WePrint
[2010.10.09 18:06:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\photoshooting greifswald
[2010.10.08 22:33:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\39245 Wrong Turn at Tahoe German 2009 DVDRip XviD-ViDEOWELT
[2010.10.06 17:25:10 | 000,000,000 | ---D | C] -- C:\Programme\iTeleport
[2010.10.03 18:11:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\youlia
[2010.10.01 19:28:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.31 15:05:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2010.10.31 15:04:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.31 14:30:42 | 000,247,774 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\nvModes.001
[2010.10.31 14:30:22 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Martin\Desktop\HiJackThis.exe
[2010.10.31 14:27:53 | 000,050,477 | ---- | M] () -- C:\Users\Martin\Desktop\defogger.exe
[2010.10.31 14:27:52 | 000,286,404 | ---- | M] () -- C:\Users\Martin\Desktop\Gmer.zip
[2010.10.31 13:50:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 13:50:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 13:02:27 | 000,072,704 | ---- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.31 12:26:48 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.31 09:51:43 | 000,028,702 | ---- | M] () -- C:\Users\Martin\518Zbpb6EIL._SL500_AA300_.jpg
[2010.10.31 09:45:55 | 000,001,073 | ---- | M] () -- C:\Users\Martin\Desktop\DVDVideoSoft Free Studio.lnk
[2010.10.31 07:56:54 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.31 07:56:54 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.31 07:56:54 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.31 07:56:54 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.31 07:54:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.31 07:50:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.31 07:50:27 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.27 14:39:05 | 000,247,774 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\nvModes.dat
[2010.10.27 13:44:34 | 000,000,104 | ---- | M] () -- C:\Users\Martin\Desktop\E-Mail - Verknüpfung.lnk
[2010.10.26 18:33:48 | 003,407,872 | -HS- | M] () -- C:\Users\Martin\ntuser.bak
[2010.10.26 18:07:37 | 000,000,858 | ---- | M] () -- C:\Users\Martin\Desktop\NTREGOPT.lnk
[2010.10.25 18:41:23 | 000,000,095 | ---- | M] () -- C:\Windows\wininit.ini
[2010.10.25 18:27:36 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 18:05:44 | 000,001,096 | ---- | M] () -- C:\Users\Martin\Desktop\Spybot - Search & Destroy.lnk
[2010.10.25 18:04:11 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Martin\Desktop\spybotsd_1.6.2.46.exe
[2010.10.25 17:09:34 | 000,037,996 | ---- | M] () -- C:\Users\Martin\129098752_full,r,470x470.jpg
[2010.10.24 15:23:38 | 000,000,744 | ---- | M] () -- C:\Users\Martin\Desktop\Cubase 4.lnk
[2010.10.22 14:56:29 | 000,064,351 | ---- | M] () -- C:\Users\Martin\517Cb3m9SOL.jpg
[2010.10.21 20:29:36 | 001,416,254 | ---- | M] () -- C:\Users\Martin\Desktop\2.Praise To The LORD, The Almighty † Lobe Den Herren Tune.mp3
[2010.10.21 20:27:47 | 001,239,040 | ---- | M] () -- C:\Users\Martin\Desktop\4.Ave Maria Bach-Gounod ORGAN Solo.mp3
[2010.10.21 20:24:09 | 001,310,302 | ---- | M] () -- C:\Users\Martin\Desktop\1.Kirchenorgel_ Großer Gott wir loben Dich (257).mp3
[2010.10.21 19:55:51 | 003,180,283 | ---- | M] () -- C:\Users\Martin\Desktop\3.J.S. Bach - BWV 720 - Ein feste Burg ist unser Gott.mp3
[2010.10.19 20:36:41 | 000,000,755 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.10.19 20:35:13 | 000,000,889 | ---- | M] () -- C:\Users\Martin\Desktop\Orbit.lnk
[2010.10.19 16:36:17 | 000,536,400 | ---- | M] () -- C:\Users\Martin\Martin.jpg
[2010.10.19 16:32:49 | 002,226,104 | ---- | M] () -- C:\Users\Martin\Angela.jpg
[2010.10.19 16:24:33 | 002,188,373 | ---- | M] () -- C:\Users\Martin\Andreas.jpg
[2010.10.14 19:44:33 | 000,442,148 | ---- | M] () -- C:\Users\Martin\20_07_08_2008_5_22_52_As I Lay Dying - A Long March.jpg
[2010.10.14 18:53:17 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.10.14 18:35:51 | 002,245,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.09 19:29:58 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.10.07 16:34:58 | 002,895,630 | ---- | M] () -- C:\Users\Martin\DSCF7152.jpg
[2010.10.03 15:54:27 | 002,932,794 | ---- | M] () -- C:\Users\Martin\ScanImage001.jpg
[2010.10.02 18:09:35 | 002,918,540 | ---- | M] () -- C:\Users\Martin\DSCF7223.jpg
 
========== Files Created - No Company Name ==========
 
[2010.10.31 14:27:52 | 000,050,477 | ---- | C] () -- C:\Users\Martin\Desktop\defogger.exe
[2010.10.31 14:27:51 | 000,286,404 | ---- | C] () -- C:\Users\Martin\Desktop\Gmer.zip
[2010.10.31 09:51:42 | 000,028,702 | ---- | C] () -- C:\Users\Martin\518Zbpb6EIL._SL500_AA300_.jpg
[2010.10.27 16:43:40 | 000,005,708 | ---- | C] () -- C:\k9371937.DLL
[2010.10.27 13:44:34 | 000,000,104 | ---- | C] () -- C:\Users\Martin\Desktop\E-Mail - Verknüpfung.lnk
[2010.10.26 18:48:42 | 000,001,433 | ---- | C] () -- C:\Users\Martin\set.txt
[2010.10.26 18:09:39 | 000,262,144 | -H-- | C] () -- C:\Users\Martin\ntuser.tmp.LOG1
[2010.10.26 18:09:39 | 000,000,000 | -H-- | C] () -- C:\Users\Martin\ntuser.tmp.LOG2
[2010.10.26 18:07:37 | 000,000,858 | ---- | C] () -- C:\Users\Martin\Desktop\NTREGOPT.lnk
[2010.10.25 18:41:23 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini
[2010.10.25 18:27:36 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 18:05:44 | 000,001,096 | ---- | C] () -- C:\Users\Martin\Desktop\Spybot - Search & Destroy.lnk
[2010.10.25 17:09:33 | 000,037,996 | ---- | C] () -- C:\Users\Martin\129098752_full,r,470x470.jpg
[2010.10.24 15:23:38 | 000,000,744 | ---- | C] () -- C:\Users\Martin\Desktop\Cubase 4.lnk
[2010.10.22 15:00:01 | 000,027,380 | ---- | C] () -- C:\Users\Martin\Future Trance 53.txt
[2010.10.22 14:56:28 | 000,064,351 | ---- | C] () -- C:\Users\Martin\517Cb3m9SOL.jpg
[2010.10.21 20:29:34 | 001,416,254 | ---- | C] () -- C:\Users\Martin\Desktop\2.Praise To The LORD, The Almighty † Lobe Den Herren Tune.mp3
[2010.10.21 20:27:47 | 001,239,040 | ---- | C] () -- C:\Users\Martin\Desktop\4.Ave Maria Bach-Gounod ORGAN Solo.mp3
[2010.10.21 20:24:08 | 001,310,302 | ---- | C] () -- C:\Users\Martin\Desktop\1.Kirchenorgel_ Großer Gott wir loben Dich (257).mp3
[2010.10.21 19:54:35 | 003,180,283 | ---- | C] () -- C:\Users\Martin\Desktop\3.J.S. Bach - BWV 720 - Ein feste Burg ist unser Gott.mp3
[2010.10.19 20:39:28 | 000,277,812 | ---- | C] () -- C:\Users\Martin\rtlnow_videoplayer09_2.swf
[2010.10.19 20:35:13 | 000,000,889 | ---- | C] () -- C:\Users\Martin\Desktop\Orbit.lnk
[2010.10.19 16:36:17 | 000,536,400 | ---- | C] () -- C:\Users\Martin\Martin.jpg
[2010.10.19 16:32:48 | 002,226,104 | ---- | C] () -- C:\Users\Martin\Angela.jpg
[2010.10.19 16:24:33 | 002,188,373 | ---- | C] () -- C:\Users\Martin\Andreas.jpg
[2010.10.14 19:44:33 | 000,442,148 | ---- | C] () -- C:\Users\Martin\20_07_08_2008_5_22_52_As I Lay Dying - A Long March.jpg
[2010.10.14 18:55:30 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.14 18:53:17 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.10.07 16:34:52 | 002,895,630 | ---- | C] () -- C:\Users\Martin\DSCF7152.jpg
[2010.10.03 15:54:27 | 002,932,794 | ---- | C] () -- C:\Users\Martin\ScanImage001.jpg
[2010.10.02 18:09:31 | 002,918,540 | ---- | C] () -- C:\Users\Martin\DSCF7223.jpg
[2010.08.05 15:23:08 | 000,000,760 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\setup_ldm.iss
[2010.07.30 15:50:13 | 000,045,056 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\chrtmp
[2010.07.30 15:50:09 | 001,429,302 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Rotating_earth_(large).gif
[2010.05.30 20:06:23 | 000,000,680 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2010.05.30 17:54:34 | 000,000,600 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\winscp.rnd
[2010.03.21 16:35:39 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.09 19:42:59 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.09 19:42:59 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C7A98F3B16.sys
[2010.03.09 18:27:04 | 000,001,056 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.03.09 18:27:04 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\7CE52A14B3.sys
[2010.02.27 18:31:30 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2010.02.20 11:24:08 | 000,000,302 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\wklnhst.dat
[2010.02.16 19:51:25 | 000,001,582 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.02.13 20:48:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.12 20:14:02 | 000,247,774 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\nvModes.001
[2010.02.12 19:49:35 | 000,247,774 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\nvModes.dat
[2010.02.12 01:35:17 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2010.02.12 01:34:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2010.02.11 17:41:54 | 000,072,704 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.11 17:09:04 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.02.11 17:09:04 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.02.11 16:42:18 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.03.26 00:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.25 22:00:11 | 000,000,144 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.03.25 21:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.03.25 15:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.25 15:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.03.25 14:54:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Acer GameZone Console
[2010.02.28 17:16:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ashampoo
[2010.02.23 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Blender Foundation
[2010.10.31 09:45:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2010.04.21 17:54:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Facebook
[2010.08.06 10:37:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FLV Extract
[2010.10.31 15:08:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Free Download Manager
[2010.04.06 15:26:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeFLVConverter
[2010.05.10 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeVideoConverter
[2010.10.19 20:35:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GrabPro
[2010.10.31 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2010.03.11 15:03:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IrfanView
[2010.03.04 19:46:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Jpeg Resampler
[2010.08.05 15:23:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2010.08.19 22:05:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LG Electronics
[2010.04.22 20:43:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\NeatImage SL
[2010.02.14 00:32:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2010.04.08 14:43:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2010.10.19 20:42:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Orbit
[2010.10.19 20:35:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ProgSense
[2010.10.24 15:51:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Publish Providers
[2010.10.25 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Recolored
[2010.04.08 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony
[2010.08.19 22:24:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony Creative Software
[2010.04.07 10:16:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spyware Terminator
[2010.10.24 15:24:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Steinberg
[2010.02.20 11:24:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Template
[2010.02.28 01:16:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\thriXXX
[2010.03.08 16:34:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2010.10.30 21:30:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.03.25 14:54:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Acer GameZone Console
[2010.08.01 19:03:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Adobe
[2010.02.25 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Apple Computer
[2010.02.28 17:16:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ashampoo
[2010.03.24 22:57:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Avira
[2010.02.23 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Blender Foundation
[2010.03.09 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Corel
[2010.05.25 16:55:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DivX
[2010.10.21 20:14:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\dvdcss
[2010.10.31 09:45:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2010.04.21 17:54:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Facebook
[2010.08.06 10:37:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FLV Extract
[2010.10.31 15:08:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Free Download Manager
[2010.04.06 15:26:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeFLVConverter
[2010.05.10 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeVideoConverter
[2010.03.13 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Google
[2010.10.19 20:35:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GrabPro
[2010.03.11 14:59:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HP
[2010.10.25 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HPAppData
[2010.07.18 12:14:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HpUpdate
[2010.10.31 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2010.02.11 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Identities
[2010.08.19 21:56:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\InstallShield
[2010.03.11 15:03:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IrfanView
[2010.03.04 19:46:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Jpeg Resampler
[2010.08.05 15:23:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2010.08.19 22:05:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LG Electronics
[2010.08.05 15:23:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Logitech
[2010.03.25 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Macromedia
[2010.10.25 18:27:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Center Programs
[2010.06.11 15:34:27 | 000,000,000 | --SD | M] -- C:\Users\Martin\AppData\Roaming\Microsoft
[2010.02.14 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mozilla
[2010.04.22 20:43:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\NeatImage SL
[2010.02.14 00:32:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2010.04.08 14:43:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2010.10.19 20:42:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Orbit
[2010.10.19 20:35:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ProgSense
[2010.10.24 15:51:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Publish Providers
[2010.10.25 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Recolored
[2010.10.31 13:58:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Skype
[2010.10.31 08:05:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\skypePM
[2010.04.08 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony
[2010.08.19 22:24:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony Creative Software
[2010.04.07 10:16:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spyware Terminator
[2010.10.24 15:24:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Steinberg
[2010.02.20 11:24:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Template
[2010.02.28 01:16:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\thriXXX
[2010.03.08 16:34:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2010.10.31 09:23:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\vlc
[2010.02.14 21:15:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.04.21 17:54:30 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Martin\AppData\Roaming\Facebook\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.11.22 09:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\DRV\Robson\Winall\Driver64\IaStor.sys
[2007.11.22 09:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.11.22 09:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_108fe68b\iaStor.sys
[2007.11.22 09:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_4f0cb505\iaStor.sys
[2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\DRV\Robson\Winall\Driver\IaStor.sys
[2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009.04.10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2010.03.05 15:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 853 bytes -> C:\Users\Martin\Documents\Wir haben Ihre Bestellung erhalten.eml:OECustomProperty
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5CB1E0D3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 1017 bytes -> C:\Users\Martin\Documents\posterXXL Rechnung (Auftrag DA-a5438-64706).eml:OECustomProperty

< End of report >
         
--- --- ---



Now the Extras.Txt report: OTL logfile:
Code:
OTL Extras logfile created on: 31.10.2010 15:07:54 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): d:\pagefile.sys 4603 4603 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 13,07 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 68,96 Gb Free Space | 49,15% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 465,65 Gb Total Space | 201,87 Gb Free Space | 43,35% Space Free | Partition Type: FAT32
Drive R: | 1023,00 Mb Total Space | 1022,99 Mb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1305231A-E309-45F3-8C46-82F7F3E17A94}" = lport=137 | protocol=17 | dir=in | app=system | 
"{256E6360-E68A-4629-A20D-93D999B1113F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2A8D1F6C-2643-49FD-A2EF-C81B43AE42B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34C12DE3-093D-4C0B-86E4-FF799222B986}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{359FE5BC-0EAE-4751-80D1-1026E3D5A95D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3C84998D-0214-4FFB-A0F0-E8E7AB1BB1AA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3EDD61B6-A22A-48D7-8EEA-4714BF09B88E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{50E07700-3E99-4927-AD69-0E18A4B5FC60}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5A859264-EFD7-426E-B4D2-20F7A3162EF8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{5C123798-5E4B-4053-8E73-26771C216E00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{691F8D2F-ABEB-49C6-B20A-909BA001DB90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70335C4D-D782-4C27-B5D3-55D3AC48804E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{903E8DC4-D6CF-4FC6-9882-3B74170421DC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A2C96D3C-1B02-45D5-9334-22CCA38E796D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BBA13F6A-5102-447A-9DC6-A515E0B0447D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C3C8A582-3398-4FE8-96FA-1568A069801B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CC0B5DBA-F8D0-427F-AB1A-D19B2FF46B5E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E5C89230-0AC4-4C6C-9153-EDE272982986}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F03574DD-29DF-48A2-B53F-649AC83E10EE}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0031A919-3B94-452C-AD55-CCB71B170B23}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{0194FEB3-2DBD-40D9-A5B7-DF4D3D4C4F92}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{046C8867-0162-4372-B58E-0F3F9E1FB41D}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{0885DA31-614F-4D3D-A0FC-AC0AA5887E68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0CF2B498-582B-4719-8A0D-C6561F3CF3E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A66F375-38FD-4E48-B725-6BE5349985CB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{2E09F79B-03BB-40DF-B25C-1EE775441F59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{3563062C-D41B-4943-B6ED-C450609E41AD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{36482A8E-508E-41A1-A1F3-A19E311019AA}" = protocol=17 | dir=in | app=d:\tom clancy´s hawx spiel\hawx_dx10.exe | 
"{3757AA9B-7B61-440F-8179-443CA4CE1F86}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{385F3ECE-DB09-47BF-B00F-59E0A34E4C74}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3998C1EF-D394-49F3-80A1-8136A2E3320C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C877229-3C2A-4707-90CF-D8C7DC7E94AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40641522-A184-4FB0-AA09-D549ED52B98C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{432BB57C-9E98-43CE-9538-D22E6FC14B03}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{44A3A70A-8EC4-4D40-AA11-CEBDF4637B71}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{47A8BC4A-AD4C-4CD9-A225-34BB99139989}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{47D443E9-1022-4E90-9CF2-4246E46A1AC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48106EEC-0EFB-4DAE-B1EE-F22436D7EDA4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{49BC1A93-BB15-4C7A-BB2E-E9760532E2EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4BD389D9-87F7-49FB-A1D2-BBF12CDFEBF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51E11E0A-3F18-4C77-8026-68C12C799072}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{56397CDF-E579-42F4-A2B3-8E889697FDFB}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{571AEDA5-6A43-4F68-9BC1-0F1E31238384}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5AAB3534-FF0B-44B6-BCB9-E665A701D33D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E88C601-D247-4C33-A3FA-97E9A16DC151}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E9F1C2A-8940-4069-B25B-EF506F40DAE0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{60B9D033-4E9B-4368-8958-2CC7A5A01F12}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64C8779C-1809-4AF6-9336-B6745F8975F4}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{65E4A118-BAA9-4E0B-AC85-CEB1CAA3CC29}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{67D01BBD-A8F4-400A-9766-269546B4A0C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{68E98D11-28D1-4151-ADD9-3E35F41ACA59}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{702B36E7-2B52-4E38-A702-60B27B6E7BB2}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{73D40DCF-F1C2-4B8B-ABF8-4BECADC1BC02}" = protocol=6 | dir=in | app=d:\tom clancy´s hawx spiel\hawx_dx10.exe | 
"{7555BC73-ABE2-499E-A78E-614F2826F3E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{782916A0-A41C-440E-AA0B-88CCC1FA174C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{7865990F-A547-4D2C-AD35-D027C95CC858}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{79EE2CC0-2C45-4DA0-848C-2BCC1D965479}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83E51B8C-A428-47DC-8B8B-5E13FB21192A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88615003-F8FD-4D35-9EFC-1916FB574E0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{895CF078-65AE-47DD-9FAE-7D887F6924A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{90C5AFC4-D45C-4FA9-A12B-2050417EC9EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90D75476-4A84-42BB-8AC5-457CDDFCFE40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{925B3524-254E-4C7C-AF68-3B8316EF0BF7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{97D8EAA6-EA0F-4FFB-B18E-B49104E23F4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{985880DF-C5F1-439F-81EE-19BFFC82F876}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98FD8AAF-09A3-4A7A-9DBF-9A60C108EBF4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{9C352274-D317-456A-9FC0-67B333A6B875}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{9C829F2C-67E6-4A02-BC27-4869203FBD9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FE443B4-8B29-4C66-A0D8-4A11FE952810}" = protocol=17 | dir=in | app=d:\tom clancy´s hawx spiel\hawx.exe | 
"{A25D884A-350B-4008-9DEB-2712A1A84D1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5A7C1C8-3AA3-4A90-99A6-1A6A381F50BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{A9EDA4A0-A167-42CD-AACE-981E6F6EDED2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{AC8D8763-D647-4448-8D47-A21D4AFA5C92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B08C48FE-5AE4-439A-8878-F70BF4D0E055}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{B2F8BFEC-2290-448D-854E-F67CBE9DBC67}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{B8315DD7-DF2D-4C43-BFF5-92F865231EAA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDFC26CB-0CBE-4DDD-8356-10858BEC19FC}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{BE708C4E-286C-442C-B932-462FD0BBBDFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C4FBB7F6-55D5-415E-98CA-F65BB9B9BE53}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C70AC0C1-AD57-4F7C-992C-D163DD46D640}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CAB12CA4-F407-45A4-ABA2-5BF27DD3AE25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{CDC2EBC8-BAF2-470D-A532-366D27F0F61E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DAB187F1-7D75-42BF-B3F6-33BF3B2B276C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE5B6DA3-27E4-465F-9958-6F5637A15DDD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DFB886EB-00D4-4B65-8753-106C1EA89F62}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{E14FE159-CCF0-481E-A694-AA1C6F2A6B98}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E7918A42-4040-4377-BB73-CFF9331D1B60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EAF9788E-032E-4F98-841A-C32F168030CE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{EFDF7E18-629F-4819-8D75-5DCD3A5FC2A4}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{F40C1271-02A8-40C3-B5C0-D71E513A5702}" = protocol=6 | dir=in | app=d:\tom clancy´s hawx spiel\hawx.exe | 
"{F6B5442A-9F84-4B46-81E5-E23E697B96FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F912E999-E162-47BD-9E98-3E9F71705DB9}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F93444A0-F4C2-4AF1-A66F-80436645A130}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{FC280E92-0042-411A-802D-9FC11D7C5B14}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FEBE9473-E71B-4159-9F7A-95E35A34C907}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{1C6A2EDA-6A7E-4A91-A938-428BA0B58C0D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{233DFC6C-7EAE-44B2-AD30-6BAAFBB57C2C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{256562E9-8180-48C3-8272-78126B163769}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{325B21CA-48A3-495A-89CD-286C216A72ED}C:\program files\weprint\weprint server.exe" = protocol=6 | dir=in | app=c:\program files\weprint\weprint server.exe | 
"TCP Query User{389F4343-2ABC-4ABA-8B96-DD90F280148D}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | 
"TCP Query User{5751F598-6D70-464C-84EF-F5429048CDB6}C:\users\martin\appdata\local\temp\rar$ex03.079\rtmpdump-2.3\rtmpsrv.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex03.079\rtmpdump-2.3\rtmpsrv.exe | 
"TCP Query User{5A77068B-6AF8-4111-BBFB-E131208D769C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{6A0EB1D1-A9B6-4A91-97E8-47B5971E96EE}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{8DE3020F-D363-4963-BDD3-EB67C7D15624}C:\users\martin\appdata\local\temp\rar$ex01.537\rtmpdump-2.3\rtmpgw.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex01.537\rtmpdump-2.3\rtmpgw.exe | 
"TCP Query User{9DD6815F-E05E-4575-AACD-0BD8E1FAF200}D:\counter strike\hl2.exe" = protocol=6 | dir=in | app=d:\counter strike\hl2.exe | 
"TCP Query User{9F426303-E8DB-4493-9B4E-1A0CD4AFD78D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CA215AB5-CC1E-4587-8604-C2E1CE834C29}C:\users\martin\appdata\local\temp\rar$ex00.249\rtmpdump-2.3\rtmpgw.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex00.249\rtmpdump-2.3\rtmpgw.exe | 
"TCP Query User{D69DCDEB-B556-43DD-A68A-76C25F7F62CC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{DFA1A552-53DD-4CF3-A52F-A5F41F2F36A4}C:\users\martin\appdata\local\temp\rar$ex06.294\rtmpdump-2.3\rtmpsuck.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex06.294\rtmpdump-2.3\rtmpsuck.exe | 
"TCP Query User{EB0F83EE-A27C-4F3B-B140-913AD1E422BA}D:\garena\garena.exe" = protocol=6 | dir=in | app=d:\garena\garena.exe | 
"TCP Query User{F75D9039-F7CA-4804-A69F-D32FED01CE2E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{FFB0352E-A8BD-4AAA-AACD-CCC454BDAD8A}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{05E696AE-EC89-452C-B8C6-C57148D4FDE0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{072A1106-6493-4862-A0CC-186082807055}D:\garena\garena.exe" = protocol=17 | dir=in | app=d:\garena\garena.exe | 
"UDP Query User{0AE7B009-B029-42A1-912F-C83E248711E5}C:\users\martin\appdata\local\temp\rar$ex01.537\rtmpdump-2.3\rtmpgw.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex01.537\rtmpdump-2.3\rtmpgw.exe | 
"UDP Query User{11CD9A58-8562-44F2-B095-58A00B7F719E}D:\counter strike\hl2.exe" = protocol=17 | dir=in | app=d:\counter strike\hl2.exe | 
"UDP Query User{143E9827-0823-4E73-AD5B-F297DCC17AD9}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | 
"UDP Query User{2C286D5C-1A1E-4399-9AB6-96623C503C05}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{2DD3CCCD-2806-4D02-9CFB-55ACCDFB9E91}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{50155FFF-F492-4389-8760-DB1C03E0BC84}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5817ADD7-0CFD-4E63-8DD1-BFD5B0D251EE}C:\users\martin\appdata\local\temp\rar$ex00.249\rtmpdump-2.3\rtmpgw.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex00.249\rtmpdump-2.3\rtmpgw.exe | 
"UDP Query User{5C4409F3-815F-452E-81C7-CF329B89D9AE}C:\program files\weprint\weprint server.exe" = protocol=17 | dir=in | app=c:\program files\weprint\weprint server.exe | 
"UDP Query User{8036649D-2E42-451F-A96C-BEA9F43FBE6A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{82D7BB63-3E24-4169-BDCC-75C3FD22580B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{A79D53A5-D0E1-4878-B5E6-FA74D04FDF92}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{BA679242-A751-4009-8A01-0877459DF2BE}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{BED8E55B-91B8-414C-A78F-7FA8D4EDD580}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{C8BCF1F9-60FB-47EC-B17B-BC9985C9614B}C:\users\martin\appdata\local\temp\rar$ex03.079\rtmpdump-2.3\rtmpsrv.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex03.079\rtmpdump-2.3\rtmpsrv.exe | 
"UDP Query User{FE2CAB55-D6CA-4160-AAD3-6616555517B9}C:\users\martin\appdata\local\temp\rar$ex06.294\rtmpdump-2.3\rtmpsuck.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex06.294\rtmpdump-2.3\rtmpsuck.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FC9C3C9-443B-4790-BD09-7F871161E9FB}" = iTeleport Connect
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F2F5589-0217-43A6-91E9-B0F172D32CC9}_is1" = MF Shutdown Manager 1.0.1
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4400_Help
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0BA9A89-99BE-4BFB-8837-9299010FB216}" = Language - Support Files
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Chicken Invaders 3_is1" = Chicken Invaders 3
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Counter-Strike: Source v17" = Counter-Strike: Source v17
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Audio Converter_is1" = Free Audio Converter version 2.2.9
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Video Converter_is1" = Free Video Converter V 2.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Garena" = Garena 2010
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"JPEG Resampler_is1" = JPEG Resampler Vs 5.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"nik Color Efex Pro 2.0 Complete" = nik Color Efex Pro 2.0 Complete
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"Steinberg Cubase_is1" = Steinberg Cubase v4.1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.7
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a4f70b48f669acd" = AA3Deploy
"Facebook Plug-In" = Facebook Plug-In
"Flash Video Downloader" = Flash Video Downloader
"Google Translator" = Google Translator
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.10.2010 17:01:26 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 17:01:26 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 17:01:26 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 17:01:26 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 17:01:26 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 08:54:52 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.10.2010 08:56:22 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.10.2010 08:56:22 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.10.2010 05:32:17 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.10.2010 05:33:48 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 08.08.2010 04:51:00 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 08.08.2010 11:27:34 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 08.08.2010 11:27:42 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 14.08.2010 07:16:39 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.08.2010 07:17:52 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 14.08.2010 07:17:57 | Computer Name = Martin-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.08.2010 07:17:57 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.08.2010 07:17:57 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2010 11:41:02 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2010 11:42:24 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         

31.10.2010, 15:24   #4
Ashdown

C:\Windows\System32\rundll32.exe

Thanks for the quick reply.
I have run the scan.

First, the OTL.Txt report:
OTL Logfile:
Code:
OTL logfile created on: 31.10.2010 15:07:54 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): d:\pagefile.sys 4603 4603 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 13,07 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 68,96 Gb Free Space | 49,15% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 465,65 Gb Total Space | 201,87 Gb Free Space | 43,35% Space Free | Partition Type: FAT32
Drive R: | 1023,00 Mb Total Space | 1022,99 Mb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Martin\Desktop\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Users\Martin\Downloads\Load.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\Martin\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GGSAFERDriver) -- D:\Garena\plugins\UI\safedrv.sys File not found
DRV - (GarenaPEngine) -- C:\Users\Martin\AppData\Local\Temp\ZMW933C.tmp ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RRamdisk) -- C:\Windows\system32\DRIVERS\rramdisk.sys (gavotte)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = QIP: ????? ? ?????????
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: vd@bbmao.com:0.8.7
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.0.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.23 20:26:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 08:00:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 08:00:52 | 000,000,000 | ---D | M]
 
[2010.02.14 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2010.10.30 19:33:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions
[2010.06.09 18:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.16 09:01:19 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.08.08 16:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.14 18:57:21 | 000,000,000 | ---D | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010.10.14 18:57:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.14 13:40:40 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.10.14 18:57:24 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.09.10 16:12:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.14 13:42:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\vd@bbmao.com
[2010.08.06 10:42:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vejwc9e0.default\extensions\youtube2mp3@mondayx.de
[2010.10.26 15:23:25 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin-1.xml
[2010.10.21 14:00:19 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin-2.xml
[2010.10.31 08:01:03 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin-3.xml
[2010.08.08 16:27:26 | 000,000,168 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin.gif
[2010.08.08 16:27:26 | 000,000,618 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin.src
[2010.09.14 13:57:01 | 000,000,945 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\icqplugin.xml
[2010.02.27 20:36:30 | 000,002,061 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\FireFox\Profiles\vejwc9e0.default\searchplugins\qipsearch.xml
[2010.10.30 19:33:59 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.23 14:16:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2006.08.09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npWebLaunch.dll
[2010.07.27 16:45:34 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.27 16:45:34 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.27 16:45:34 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.07 09:00:52 | 000,001,208 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\search.xml
[2010.07.27 16:45:34 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.27 16:45:34 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3760374313-2429106835-967571473-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3760374313-2429106835-967571473-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3760374313-2429106835-967571473-1000..\Run: [U36VRSFLG6] C:\Users\Martin\AppData\Local\Temp\Pzl.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 17:24:44 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.05.02 15:47:02 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O33 - MountPoints2\{4592283f-1723-11df-ab0a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4592283f-1723-11df-ab0a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2004.10.21 18:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{7f26d77f-18ca-11df-80db-cc4f4bf07bdd}\Shell - "" = AutoRun
O33 - MountPoints2\{7f26d77f-18ca-11df-80db-cc4f4bf07bdd}\Shell\AutoRun\command - "" = H:\Autorun.EXE -- File not found
O33 - MountPoints2\{fc502e94-4eff-11df-8f92-001e689d491f}\Shell - "" = AutoRun
O33 - MountPoints2\{fc502e94-4eff-11df-8f92-001e689d491f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.31 15:05:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2010.10.31 14:30:21 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Martin\Desktop\HiJackThis.exe
[2010.10.31 14:27:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.10.31 09:45:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2010.10.27 16:48:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rundll32 (2).exe
[2010.10.26 18:07:37 | 000,000,000 | ---D | C] -- C:\Programme\NT Registry Optimizer
[2010.10.25 18:27:46 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2010.10.25 18:27:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.25 18:27:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.25 18:27:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.25 18:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.25 18:03:44 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Martin\Desktop\spybotsd_1.6.2.46.exe
[2010.10.25 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\HPAppData
[2010.10.25 17:20:09 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Recolored
[2010.10.24 15:23:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Steinberg
[2010.10.24 15:23:38 | 001,324,544 | ---- | C] (AD) -- C:\Windows\System32\SYNSOAIR.DLL
[2010.10.24 15:23:38 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2010.10.24 15:23:38 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\Rex Shared Library.dll
[2010.10.24 15:22:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\VST3
[2010.10.24 15:22:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steinberg
[2010.10.19 20:35:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\ProgSense
[2010.10.19 20:35:14 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\GrabPro
[2010.10.19 20:35:10 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader
[2010.10.19 20:35:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Orbit
[2010.10.19 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Martin\rtmpdump-2.3
[2010.10.14 18:54:58 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.10.14 18:54:57 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.10.14 18:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.10.14 18:53:05 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.10.14 18:52:01 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.10.14 18:49:29 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.10.13 16:48:34 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 16:47:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 16:47:33 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 16:47:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 16:47:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 16:47:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.13 16:47:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.13 16:47:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.13 16:47:29 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 16:47:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 16:47:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 16:47:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.13 16:47:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.13 16:47:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.13 16:47:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.13 16:47:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.13 16:47:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.13 16:47:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.13 16:47:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.13 16:47:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.13 16:47:07 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 16:47:07 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 16:47:04 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 16:46:59 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 16:46:57 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\WePrint
[2010.10.13 16:46:49 | 000,000,000 | ---D | C] -- C:\Programme\WePrint
[2010.10.09 18:06:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\photoshooting greifswald
[2010.10.08 22:33:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\39245 Wrong Turn at Tahoe German 2009 DVDRip XviD-ViDEOWELT
[2010.10.06 17:25:10 | 000,000,000 | ---D | C] -- C:\Programme\iTeleport
[2010.10.03 18:11:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\youlia
[2010.10.01 19:28:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.31 15:05:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2010.10.31 15:04:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.31 14:30:42 | 000,247,774 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\nvModes.001
[2010.10.31 14:30:22 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Martin\Desktop\HiJackThis.exe
[2010.10.31 14:27:53 | 000,050,477 | ---- | M] () -- C:\Users\Martin\Desktop\defogger.exe
[2010.10.31 14:27:52 | 000,286,404 | ---- | M] () -- C:\Users\Martin\Desktop\Gmer.zip
[2010.10.31 13:50:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 13:50:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 13:02:27 | 000,072,704 | ---- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.31 12:26:48 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.31 09:51:43 | 000,028,702 | ---- | M] () -- C:\Users\Martin\518Zbpb6EIL._SL500_AA300_.jpg
[2010.10.31 09:45:55 | 000,001,073 | ---- | M] () -- C:\Users\Martin\Desktop\DVDVideoSoft Free Studio.lnk
[2010.10.31 07:56:54 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.31 07:56:54 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.31 07:56:54 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.31 07:56:54 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.31 07:54:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.31 07:50:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.31 07:50:27 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.27 14:39:05 | 000,247,774 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\nvModes.dat
[2010.10.27 13:44:34 | 000,000,104 | ---- | M] () -- C:\Users\Martin\Desktop\E-Mail - Verknüpfung.lnk
[2010.10.26 18:33:48 | 003,407,872 | -HS- | M] () -- C:\Users\Martin\ntuser.bak
[2010.10.26 18:07:37 | 000,000,858 | ---- | M] () -- C:\Users\Martin\Desktop\NTREGOPT.lnk
[2010.10.25 18:41:23 | 000,000,095 | ---- | M] () -- C:\Windows\wininit.ini
[2010.10.25 18:27:36 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 18:05:44 | 000,001,096 | ---- | M] () -- C:\Users\Martin\Desktop\Spybot - Search & Destroy.lnk
[2010.10.25 18:04:11 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Martin\Desktop\spybotsd_1.6.2.46.exe
[2010.10.25 17:09:34 | 000,037,996 | ---- | M] () -- C:\Users\Martin\129098752_full,r,470x470.jpg
[2010.10.24 15:23:38 | 000,000,744 | ---- | M] () -- C:\Users\Martin\Desktop\Cubase 4.lnk
[2010.10.22 14:56:29 | 000,064,351 | ---- | M] () -- C:\Users\Martin\517Cb3m9SOL.jpg
[2010.10.21 20:29:36 | 001,416,254 | ---- | M] () -- C:\Users\Martin\Desktop\2.Praise To The LORD, The Almighty † Lobe Den Herren Tune.mp3
[2010.10.21 20:27:47 | 001,239,040 | ---- | M] () -- C:\Users\Martin\Desktop\4.Ave Maria Bach-Gounod ORGAN Solo.mp3
[2010.10.21 20:24:09 | 001,310,302 | ---- | M] () -- C:\Users\Martin\Desktop\1.Kirchenorgel_ Großer Gott wir loben Dich (257).mp3
[2010.10.21 19:55:51 | 003,180,283 | ---- | M] () -- C:\Users\Martin\Desktop\3.J.S. Bach - BWV 720 - Ein feste Burg ist unser Gott.mp3
[2010.10.19 20:36:41 | 000,000,755 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.10.19 20:35:13 | 000,000,889 | ---- | M] () -- C:\Users\Martin\Desktop\Orbit.lnk
[2010.10.19 16:36:17 | 000,536,400 | ---- | M] () -- C:\Users\Martin\Martin.jpg
[2010.10.19 16:32:49 | 002,226,104 | ---- | M] () -- C:\Users\Martin\Angela.jpg
[2010.10.19 16:24:33 | 002,188,373 | ---- | M] () -- C:\Users\Martin\Andreas.jpg
[2010.10.14 19:44:33 | 000,442,148 | ---- | M] () -- C:\Users\Martin\20_07_08_2008_5_22_52_As I Lay Dying - A Long March.jpg
[2010.10.14 18:53:17 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.10.14 18:35:51 | 002,245,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.09 19:29:58 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.10.07 16:34:58 | 002,895,630 | ---- | M] () -- C:\Users\Martin\DSCF7152.jpg
[2010.10.03 15:54:27 | 002,932,794 | ---- | M] () -- C:\Users\Martin\ScanImage001.jpg
[2010.10.02 18:09:35 | 002,918,540 | ---- | M] () -- C:\Users\Martin\DSCF7223.jpg
 
========== Files Created - No Company Name ==========
 
[2010.10.31 14:27:52 | 000,050,477 | ---- | C] () -- C:\Users\Martin\Desktop\defogger.exe
[2010.10.31 14:27:51 | 000,286,404 | ---- | C] () -- C:\Users\Martin\Desktop\Gmer.zip
[2010.10.31 09:51:42 | 000,028,702 | ---- | C] () -- C:\Users\Martin\518Zbpb6EIL._SL500_AA300_.jpg
[2010.10.27 16:43:40 | 000,005,708 | ---- | C] () -- C:\k9371937.DLL
[2010.10.27 13:44:34 | 000,000,104 | ---- | C] () -- C:\Users\Martin\Desktop\E-Mail - Verknüpfung.lnk
[2010.10.26 18:48:42 | 000,001,433 | ---- | C] () -- C:\Users\Martin\set.txt
[2010.10.26 18:09:39 | 000,262,144 | -H-- | C] () -- C:\Users\Martin\ntuser.tmp.LOG1
[2010.10.26 18:09:39 | 000,000,000 | -H-- | C] () -- C:\Users\Martin\ntuser.tmp.LOG2
[2010.10.26 18:07:37 | 000,000,858 | ---- | C] () -- C:\Users\Martin\Desktop\NTREGOPT.lnk
[2010.10.25 18:41:23 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini
[2010.10.25 18:27:36 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 18:05:44 | 000,001,096 | ---- | C] () -- C:\Users\Martin\Desktop\Spybot - Search & Destroy.lnk
[2010.10.25 17:09:33 | 000,037,996 | ---- | C] () -- C:\Users\Martin\129098752_full,r,470x470.jpg
[2010.10.24 15:23:38 | 000,000,744 | ---- | C] () -- C:\Users\Martin\Desktop\Cubase 4.lnk
[2010.10.22 15:00:01 | 000,027,380 | ---- | C] () -- C:\Users\Martin\Future Trance 53.txt
[2010.10.22 14:56:28 | 000,064,351 | ---- | C] () -- C:\Users\Martin\517Cb3m9SOL.jpg
[2010.10.21 20:29:34 | 001,416,254 | ---- | C] () -- C:\Users\Martin\Desktop\2.Praise To The LORD, The Almighty † Lobe Den Herren Tune.mp3
[2010.10.21 20:27:47 | 001,239,040 | ---- | C] () -- C:\Users\Martin\Desktop\4.Ave Maria Bach-Gounod ORGAN Solo.mp3
[2010.10.21 20:24:08 | 001,310,302 | ---- | C] () -- C:\Users\Martin\Desktop\1.Kirchenorgel_ Großer Gott wir loben Dich (257).mp3
[2010.10.21 19:54:35 | 003,180,283 | ---- | C] () -- C:\Users\Martin\Desktop\3.J.S. Bach - BWV 720 - Ein feste Burg ist unser Gott.mp3
[2010.10.19 20:39:28 | 000,277,812 | ---- | C] () -- C:\Users\Martin\rtlnow_videoplayer09_2.swf
[2010.10.19 20:35:13 | 000,000,889 | ---- | C] () -- C:\Users\Martin\Desktop\Orbit.lnk
[2010.10.19 16:36:17 | 000,536,400 | ---- | C] () -- C:\Users\Martin\Martin.jpg
[2010.10.19 16:32:48 | 002,226,104 | ---- | C] () -- C:\Users\Martin\Angela.jpg
[2010.10.19 16:24:33 | 002,188,373 | ---- | C] () -- C:\Users\Martin\Andreas.jpg
[2010.10.14 19:44:33 | 000,442,148 | ---- | C] () -- C:\Users\Martin\20_07_08_2008_5_22_52_As I Lay Dying - A Long March.jpg
[2010.10.14 18:55:30 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.14 18:53:17 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.10.07 16:34:52 | 002,895,630 | ---- | C] () -- C:\Users\Martin\DSCF7152.jpg
[2010.10.03 15:54:27 | 002,932,794 | ---- | C] () -- C:\Users\Martin\ScanImage001.jpg
[2010.10.02 18:09:31 | 002,918,540 | ---- | C] () -- C:\Users\Martin\DSCF7223.jpg
[2010.08.05 15:23:08 | 000,000,760 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\setup_ldm.iss
[2010.07.30 15:50:13 | 000,045,056 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\chrtmp
[2010.07.30 15:50:09 | 001,429,302 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Rotating_earth_(large).gif
[2010.05.30 20:06:23 | 000,000,680 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2010.05.30 17:54:34 | 000,000,600 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\winscp.rnd
[2010.03.21 16:35:39 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.09 19:42:59 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.09 19:42:59 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C7A98F3B16.sys
[2010.03.09 18:27:04 | 000,001,056 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.03.09 18:27:04 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\7CE52A14B3.sys
[2010.02.27 18:31:30 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2010.02.20 11:24:08 | 000,000,302 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\wklnhst.dat
[2010.02.16 19:51:25 | 000,001,582 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.02.13 20:48:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.12 20:14:02 | 000,247,774 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\nvModes.001
[2010.02.12 19:49:35 | 000,247,774 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\nvModes.dat
[2010.02.12 01:35:17 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2010.02.12 01:34:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2010.02.11 17:41:54 | 000,072,704 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.11 17:09:04 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.02.11 17:09:04 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.02.11 16:42:18 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.03.26 00:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.25 22:00:11 | 000,000,144 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.03.25 21:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.03.25 15:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.25 15:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.03.25 14:54:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Acer GameZone Console
[2010.02.28 17:16:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ashampoo
[2010.02.23 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Blender Foundation
[2010.10.31 09:45:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2010.04.21 17:54:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Facebook
[2010.08.06 10:37:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FLV Extract
[2010.10.31 15:08:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Free Download Manager
[2010.04.06 15:26:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeFLVConverter
[2010.05.10 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeVideoConverter
[2010.10.19 20:35:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GrabPro
[2010.10.31 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2010.03.11 15:03:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IrfanView
[2010.03.04 19:46:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Jpeg Resampler
[2010.08.05 15:23:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2010.08.19 22:05:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LG Electronics
[2010.04.22 20:43:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\NeatImage SL
[2010.02.14 00:32:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2010.04.08 14:43:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2010.10.19 20:42:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Orbit
[2010.10.19 20:35:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ProgSense
[2010.10.24 15:51:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Publish Providers
[2010.10.25 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Recolored
[2010.04.08 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony
[2010.08.19 22:24:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony Creative Software
[2010.04.07 10:16:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spyware Terminator
[2010.10.24 15:24:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Steinberg
[2010.02.20 11:24:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Template
[2010.02.28 01:16:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\thriXXX
[2010.03.08 16:34:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2010.10.30 21:30:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.03.25 14:54:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Acer GameZone Console
[2010.08.01 19:03:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Adobe
[2010.02.25 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Apple Computer
[2010.02.28 17:16:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ashampoo
[2010.03.24 22:57:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Avira
[2010.02.23 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Blender Foundation
[2010.03.09 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Corel
[2010.05.25 16:55:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DivX
[2010.10.21 20:14:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\dvdcss
[2010.10.31 09:45:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2010.04.21 17:54:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Facebook
[2010.08.06 10:37:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FLV Extract
[2010.10.31 15:08:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Free Download Manager
[2010.04.06 15:26:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeFLVConverter
[2010.05.10 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeVideoConverter
[2010.03.13 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Google
[2010.10.19 20:35:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GrabPro
[2010.03.11 14:59:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HP
[2010.10.25 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HPAppData
[2010.07.18 12:14:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HpUpdate
[2010.10.31 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2010.02.11 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Identities
[2010.08.19 21:56:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\InstallShield
[2010.03.11 15:03:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IrfanView
[2010.03.04 19:46:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Jpeg Resampler
[2010.08.05 15:23:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2010.08.19 22:05:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LG Electronics
[2010.08.05 15:23:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Logitech
[2010.03.25 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Macromedia
[2010.10.25 18:27:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Center Programs
[2010.06.11 15:34:27 | 000,000,000 | --SD | M] -- C:\Users\Martin\AppData\Roaming\Microsoft
[2010.02.14 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mozilla
[2010.04.22 20:43:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\NeatImage SL
[2010.02.14 00:32:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2010.04.08 14:43:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2010.10.19 20:42:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Orbit
[2010.10.19 20:35:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ProgSense
[2010.10.24 15:51:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Publish Providers
[2010.10.25 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Recolored
[2010.10.31 13:58:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Skype
[2010.10.31 08:05:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\skypePM
[2010.04.08 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony
[2010.08.19 22:24:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony Creative Software
[2010.04.07 10:16:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spyware Terminator
[2010.10.24 15:24:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Steinberg
[2010.02.20 11:24:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Template
[2010.02.28 01:16:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\thriXXX
[2010.03.08 16:34:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2010.10.31 09:23:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\vlc
[2010.02.14 21:15:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.04.21 17:54:30 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Martin\AppData\Roaming\Facebook\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.11.22 09:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\DRV\Robson\Winall\Driver64\IaStor.sys
[2007.11.22 09:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.11.22 09:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_108fe68b\iaStor.sys
[2007.11.22 09:05:00 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_4f0cb505\iaStor.sys
[2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\DRV\Robson\Winall\Driver\IaStor.sys
[2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007.11.22 09:05:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009.04.10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2010.03.05 15:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 853 bytes -> C:\Users\Martin\Documents\Wir haben Ihre Bestellung erhalten.eml:OECustomProperty
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5CB1E0D3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 1017 bytes -> C:\Users\Martin\Documents\posterXXL Rechnung (Auftrag DA-a5438-64706).eml:OECustomProperty

< End of report >
         
--- --- ---




Now the Extras.Txt report:
OTL Logfile:
Code:
OTL Extras logfile created on: 31.10.2010 15:07:54 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): d:\pagefile.sys 4603 4603 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 13,07 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 68,96 Gb Free Space | 49,15% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 465,65 Gb Total Space | 201,87 Gb Free Space | 43,35% Space Free | Partition Type: FAT32
Drive R: | 1023,00 Mb Total Space | 1022,99 Mb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1305231A-E309-45F3-8C46-82F7F3E17A94}" = lport=137 | protocol=17 | dir=in | app=system | 
"{256E6360-E68A-4629-A20D-93D999B1113F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2A8D1F6C-2643-49FD-A2EF-C81B43AE42B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34C12DE3-093D-4C0B-86E4-FF799222B986}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{359FE5BC-0EAE-4751-80D1-1026E3D5A95D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3C84998D-0214-4FFB-A0F0-E8E7AB1BB1AA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3EDD61B6-A22A-48D7-8EEA-4714BF09B88E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{50E07700-3E99-4927-AD69-0E18A4B5FC60}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5A859264-EFD7-426E-B4D2-20F7A3162EF8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{5C123798-5E4B-4053-8E73-26771C216E00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{691F8D2F-ABEB-49C6-B20A-909BA001DB90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70335C4D-D782-4C27-B5D3-55D3AC48804E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{903E8DC4-D6CF-4FC6-9882-3B74170421DC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A2C96D3C-1B02-45D5-9334-22CCA38E796D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BBA13F6A-5102-447A-9DC6-A515E0B0447D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C3C8A582-3398-4FE8-96FA-1568A069801B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CC0B5DBA-F8D0-427F-AB1A-D19B2FF46B5E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E5C89230-0AC4-4C6C-9153-EDE272982986}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F03574DD-29DF-48A2-B53F-649AC83E10EE}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0031A919-3B94-452C-AD55-CCB71B170B23}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{0194FEB3-2DBD-40D9-A5B7-DF4D3D4C4F92}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{046C8867-0162-4372-B58E-0F3F9E1FB41D}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{0885DA31-614F-4D3D-A0FC-AC0AA5887E68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0CF2B498-582B-4719-8A0D-C6561F3CF3E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A66F375-38FD-4E48-B725-6BE5349985CB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{2E09F79B-03BB-40DF-B25C-1EE775441F59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{3563062C-D41B-4943-B6ED-C450609E41AD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{36482A8E-508E-41A1-A1F3-A19E311019AA}" = protocol=17 | dir=in | app=d:\tom clancy´s hawx spiel\hawx_dx10.exe | 
"{3757AA9B-7B61-440F-8179-443CA4CE1F86}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{385F3ECE-DB09-47BF-B00F-59E0A34E4C74}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3998C1EF-D394-49F3-80A1-8136A2E3320C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C877229-3C2A-4707-90CF-D8C7DC7E94AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40641522-A184-4FB0-AA09-D549ED52B98C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{432BB57C-9E98-43CE-9538-D22E6FC14B03}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{44A3A70A-8EC4-4D40-AA11-CEBDF4637B71}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{47A8BC4A-AD4C-4CD9-A225-34BB99139989}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{47D443E9-1022-4E90-9CF2-4246E46A1AC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48106EEC-0EFB-4DAE-B1EE-F22436D7EDA4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{49BC1A93-BB15-4C7A-BB2E-E9760532E2EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4BD389D9-87F7-49FB-A1D2-BBF12CDFEBF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51E11E0A-3F18-4C77-8026-68C12C799072}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{56397CDF-E579-42F4-A2B3-8E889697FDFB}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{571AEDA5-6A43-4F68-9BC1-0F1E31238384}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5AAB3534-FF0B-44B6-BCB9-E665A701D33D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E88C601-D247-4C33-A3FA-97E9A16DC151}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E9F1C2A-8940-4069-B25B-EF506F40DAE0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{60B9D033-4E9B-4368-8958-2CC7A5A01F12}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64C8779C-1809-4AF6-9336-B6745F8975F4}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{65E4A118-BAA9-4E0B-AC85-CEB1CAA3CC29}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{67D01BBD-A8F4-400A-9766-269546B4A0C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{68E98D11-28D1-4151-ADD9-3E35F41ACA59}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{702B36E7-2B52-4E38-A702-60B27B6E7BB2}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{73D40DCF-F1C2-4B8B-ABF8-4BECADC1BC02}" = protocol=6 | dir=in | app=d:\tom clancy´s hawx spiel\hawx_dx10.exe | 
"{7555BC73-ABE2-499E-A78E-614F2826F3E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{782916A0-A41C-440E-AA0B-88CCC1FA174C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{7865990F-A547-4D2C-AD35-D027C95CC858}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{79EE2CC0-2C45-4DA0-848C-2BCC1D965479}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83E51B8C-A428-47DC-8B8B-5E13FB21192A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88615003-F8FD-4D35-9EFC-1916FB574E0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{895CF078-65AE-47DD-9FAE-7D887F6924A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{90C5AFC4-D45C-4FA9-A12B-2050417EC9EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90D75476-4A84-42BB-8AC5-457CDDFCFE40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{925B3524-254E-4C7C-AF68-3B8316EF0BF7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{97D8EAA6-EA0F-4FFB-B18E-B49104E23F4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{985880DF-C5F1-439F-81EE-19BFFC82F876}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98FD8AAF-09A3-4A7A-9DBF-9A60C108EBF4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{9C352274-D317-456A-9FC0-67B333A6B875}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{9C829F2C-67E6-4A02-BC27-4869203FBD9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FE443B4-8B29-4C66-A0D8-4A11FE952810}" = protocol=17 | dir=in | app=d:\tom clancy´s hawx spiel\hawx.exe | 
"{A25D884A-350B-4008-9DEB-2712A1A84D1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5A7C1C8-3AA3-4A90-99A6-1A6A381F50BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{A9EDA4A0-A167-42CD-AACE-981E6F6EDED2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{AC8D8763-D647-4448-8D47-A21D4AFA5C92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B08C48FE-5AE4-439A-8878-F70BF4D0E055}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{B2F8BFEC-2290-448D-854E-F67CBE9DBC67}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{B8315DD7-DF2D-4C43-BFF5-92F865231EAA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDFC26CB-0CBE-4DDD-8356-10858BEC19FC}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{BE708C4E-286C-442C-B932-462FD0BBBDFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C4FBB7F6-55D5-415E-98CA-F65BB9B9BE53}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C70AC0C1-AD57-4F7C-992C-D163DD46D640}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CAB12CA4-F407-45A4-ABA2-5BF27DD3AE25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{CDC2EBC8-BAF2-470D-A532-366D27F0F61E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DAB187F1-7D75-42BF-B3F6-33BF3B2B276C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE5B6DA3-27E4-465F-9958-6F5637A15DDD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DFB886EB-00D4-4B65-8753-106C1EA89F62}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{E14FE159-CCF0-481E-A694-AA1C6F2A6B98}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E7918A42-4040-4377-BB73-CFF9331D1B60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EAF9788E-032E-4F98-841A-C32F168030CE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{EFDF7E18-629F-4819-8D75-5DCD3A5FC2A4}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{F40C1271-02A8-40C3-B5C0-D71E513A5702}" = protocol=6 | dir=in | app=d:\tom clancy´s hawx spiel\hawx.exe | 
"{F6B5442A-9F84-4B46-81E5-E23E697B96FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F912E999-E162-47BD-9E98-3E9F71705DB9}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F93444A0-F4C2-4AF1-A66F-80436645A130}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{FC280E92-0042-411A-802D-9FC11D7C5B14}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FEBE9473-E71B-4159-9F7A-95E35A34C907}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{1C6A2EDA-6A7E-4A91-A938-428BA0B58C0D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{233DFC6C-7EAE-44B2-AD30-6BAAFBB57C2C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{256562E9-8180-48C3-8272-78126B163769}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{325B21CA-48A3-495A-89CD-286C216A72ED}C:\program files\weprint\weprint server.exe" = protocol=6 | dir=in | app=c:\program files\weprint\weprint server.exe | 
"TCP Query User{389F4343-2ABC-4ABA-8B96-DD90F280148D}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | 
"TCP Query User{5751F598-6D70-464C-84EF-F5429048CDB6}C:\users\martin\appdata\local\temp\rar$ex03.079\rtmpdump-2.3\rtmpsrv.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex03.079\rtmpdump-2.3\rtmpsrv.exe | 
"TCP Query User{5A77068B-6AF8-4111-BBFB-E131208D769C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{6A0EB1D1-A9B6-4A91-97E8-47B5971E96EE}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{8DE3020F-D363-4963-BDD3-EB67C7D15624}C:\users\martin\appdata\local\temp\rar$ex01.537\rtmpdump-2.3\rtmpgw.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex01.537\rtmpdump-2.3\rtmpgw.exe | 
"TCP Query User{9DD6815F-E05E-4575-AACD-0BD8E1FAF200}D:\counter strike\hl2.exe" = protocol=6 | dir=in | app=d:\counter strike\hl2.exe | 
"TCP Query User{9F426303-E8DB-4493-9B4E-1A0CD4AFD78D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CA215AB5-CC1E-4587-8604-C2E1CE834C29}C:\users\martin\appdata\local\temp\rar$ex00.249\rtmpdump-2.3\rtmpgw.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex00.249\rtmpdump-2.3\rtmpgw.exe | 
"TCP Query User{D69DCDEB-B556-43DD-A68A-76C25F7F62CC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{DFA1A552-53DD-4CF3-A52F-A5F41F2F36A4}C:\users\martin\appdata\local\temp\rar$ex06.294\rtmpdump-2.3\rtmpsuck.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex06.294\rtmpdump-2.3\rtmpsuck.exe | 
"TCP Query User{EB0F83EE-A27C-4F3B-B140-913AD1E422BA}D:\garena\garena.exe" = protocol=6 | dir=in | app=d:\garena\garena.exe | 
"TCP Query User{F75D9039-F7CA-4804-A69F-D32FED01CE2E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{FFB0352E-A8BD-4AAA-AACD-CCC454BDAD8A}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{05E696AE-EC89-452C-B8C6-C57148D4FDE0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{072A1106-6493-4862-A0CC-186082807055}D:\garena\garena.exe" = protocol=17 | dir=in | app=d:\garena\garena.exe | 
"UDP Query User{0AE7B009-B029-42A1-912F-C83E248711E5}C:\users\martin\appdata\local\temp\rar$ex01.537\rtmpdump-2.3\rtmpgw.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex01.537\rtmpdump-2.3\rtmpgw.exe | 
"UDP Query User{11CD9A58-8562-44F2-B095-58A00B7F719E}D:\counter strike\hl2.exe" = protocol=17 | dir=in | app=d:\counter strike\hl2.exe | 
"UDP Query User{143E9827-0823-4E73-AD5B-F297DCC17AD9}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | 
"UDP Query User{2C286D5C-1A1E-4399-9AB6-96623C503C05}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{2DD3CCCD-2806-4D02-9CFB-55ACCDFB9E91}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{50155FFF-F492-4389-8760-DB1C03E0BC84}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5817ADD7-0CFD-4E63-8DD1-BFD5B0D251EE}C:\users\martin\appdata\local\temp\rar$ex00.249\rtmpdump-2.3\rtmpgw.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex00.249\rtmpdump-2.3\rtmpgw.exe | 
"UDP Query User{5C4409F3-815F-452E-81C7-CF329B89D9AE}C:\program files\weprint\weprint server.exe" = protocol=17 | dir=in | app=c:\program files\weprint\weprint server.exe | 
"UDP Query User{8036649D-2E42-451F-A96C-BEA9F43FBE6A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{82D7BB63-3E24-4169-BDCC-75C3FD22580B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{A79D53A5-D0E1-4878-B5E6-FA74D04FDF92}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{BA679242-A751-4009-8A01-0877459DF2BE}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{BED8E55B-91B8-414C-A78F-7FA8D4EDD580}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{C8BCF1F9-60FB-47EC-B17B-BC9985C9614B}C:\users\martin\appdata\local\temp\rar$ex03.079\rtmpdump-2.3\rtmpsrv.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex03.079\rtmpdump-2.3\rtmpsrv.exe | 
"UDP Query User{FE2CAB55-D6CA-4160-AAD3-6616555517B9}C:\users\martin\appdata\local\temp\rar$ex06.294\rtmpdump-2.3\rtmpsuck.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\temp\rar$ex06.294\rtmpdump-2.3\rtmpsuck.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FC9C3C9-443B-4790-BD09-7F871161E9FB}" = iTeleport Connect
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F2F5589-0217-43A6-91E9-B0F172D32CC9}_is1" = MF Shutdown Manager 1.0.1
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4400_Help
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0BA9A89-99BE-4BFB-8837-9299010FB216}" = Language - Support Files
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Chicken Invaders 3_is1" = Chicken Invaders 3
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Counter-Strike: Source v17" = Counter-Strike: Source v17
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Audio Converter_is1" = Free Audio Converter version 2.2.9
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Video Converter_is1" = Free Video Converter V 2.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Garena" = Garena 2010
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"JPEG Resampler_is1" = JPEG Resampler Vs 5.0
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"nik Color Efex Pro 2.0 Complete" = nik Color Efex Pro 2.0 Complete
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"Steinberg Cubase_is1" = Steinberg Cubase v4.1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.7
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3760374313-2429106835-967571473-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a4f70b48f669acd" = AA3Deploy
"Facebook Plug-In" = Facebook Plug-In
"Flash Video Downloader" = Flash Video Downloader
"Google Translator" = Google Translator
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.10.2010 17:01:26 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 17:01:26 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 17:01:26 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 17:01:26 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 17:01:26 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 08:54:52 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.10.2010 08:56:22 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.10.2010 08:56:22 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.10.2010 05:32:17 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.10.2010 05:33:48 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 08.08.2010 04:51:00 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 08.08.2010 11:27:34 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 08.08.2010 11:27:42 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 14.08.2010 07:16:39 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.08.2010 07:17:52 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 14.08.2010 07:17:57 | Computer Name = Martin-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.08.2010 07:17:57 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.08.2010 07:17:57 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2010 11:41:02 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2010 11:42:24 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
--- --- ---

31.10.2010, 15:31   #5
markusg
/// Malware-holic

Open Malwarebytes, go to the log files, and post the scan log(s).
Then please update and run a full scan, and post that log as well.


31.10.2010, 15:45   #6
Ashdown

This is a log file from 26.10.2010.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4943

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

26.10.2010 18:19:23
mbam-log-2010-10-26 (18-19-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 299617
Laufzeit: 1 Stunde(n), 1 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\prog\Best Hacking Tools AIO By Nawaz For Cyberwarez.com\data\freeze.exe (HackTool.Agent) -> Quarantined and deleted successfully.
C:\Users\***\prog\Best Hacking Tools AIO By Nawaz For Cyberwarez.com\data\YAHOO booter\boot\KewlButtonz.ocx (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
C:\Users\***\prog\Best Hacking Tools AIO By Nawaz For Cyberwarez.com\data\YAHOO booter\boot\YMSG12ENCRYPT.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\***\prog\brutus-aet2\BrutusA2.exe (HackTool.Brutus) -> Quarantined and deleted successfully.
         

31.10.2010, 15:48   #7
markusg
/// Malware-holic

OK, then run a full scan after updating.

31.10.2010, 17:24   #8
Ashdown

I have now run the full scan as well.

The result is shown here.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5007

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

31.10.2010 17:28:34
mbam-log-2010-10-31 (17-28-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 425291
Laufzeit: 1 Stunde(n), 35 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Trojan.FakeAlert) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Adobe\InDesign CS4\Adobe® InDesign® CS4\Adobe.InDesign.CS4.v6.0.Multilingual.Incl.Keymaker.Internal-CORE\keygen.exe (Trojan.Agent) -> No action taken.
D:\TuneUp.Utilities.2010.9.0.3100.16.Final.EN.DE\Keygen.exe (Trojan.Agent.CK) -> No action taken.
         

What next??

31.10.2010, 17:32   #9
markusg
/// Malware-holic

With keygens
D:\Adobe\InDesign CS4\Adobe® InDesign® CS4\Adobe.InDesign.CS4.v6.0.Multilingual.Incl.Keymaker.Internal-CORE\keygen.exe (Trojan.Agent) -> No action taken.
D:\TuneUp.Utilities.2010.9.0.3100.16.Final.EN.DE\Keygen.exe (Trojan.Agent.CK) -> No action taken.
we only provide support for reinstalling and securing the system.

31.10.2010, 17:40   #10
Ashdown

I have just removed the files, with the result:

-> Quarantined and deleted successfully.

31.10.2010, 17:41   #11
markusg
/// Malware-holic

Yes, but as soon as we find keygens, support ends, at least as far as cleaning is concerned.

31.10.2010, 17:48   #12
Ashdown

I have been trying to get this mess sorted out for ages, since this is the family computer, and I did not put the keygens on here and have no intention of using them.
And as I said, they have already been removed.

31.10.2010, 17:52   #13
markusg
/// Malware-holic

Well then, make short work of it and format.
I hear these excuses every day, and I can't check in each individual case whether they are excuses. "Where did those come from?" "They're not mine".....
As I said, there are tips for formatting/securing, not for the rest.
