| |
| |||||||
Log-Analyse und Auswertung: Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.01.2011, 22:19
| #1 |
| |  Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... Hallo, mein Windows update funktioniert nicht folgender Fehler wird angezeigt: "Die suche nach updates nicht möglich code 80072EFE." Wenn ich auf google etwas als Suchbegriff eingebe und anschließend auf einen Link drücke,werde ich auf irgendwelche Seiten geschickt,wobei gleichzeitig mein Antivrius Programm eintritt und sagt das es ein Virus fund gab! Außerdem wird mein Hostprozess immer geschloßen und ich habe dann nicht mehr das Aero-Design auf der Taskleiste. Ich vermute das alles in gewisser weise zusammen gehört...  für eure HilfeHIJACK LOGFILE: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:50:22, on 13.01.2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe C:\Windows\vsnp2uvc.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\hkcmd.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Acer\Empowering Technology\SysMonitor.exe C:\Program Files\RouterControl\RouterControl.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Users\Mustermann\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Mustermann\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://de.rd.yahoo.com/customize/ycomp/defaults/sp/*h**p://de.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://de.rd.yahoo.com/customize/ycomp/defaults/su/h***p://de.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - - (no file) F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [tsnp2uvc] C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- End of file - 8477 bytes |
|
14.01.2011, 11:52
| #2 |
| /// Malware-holic   | Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... richtig vermutet :-)
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt
__________________ |
|
14.01.2011, 16:23
| #3 |
| | Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 14.01.2011 13:01:41 - Run 1 OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Jonathan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.011,00 Mb Total Physical Memory | 284,00 Mb Available Physical Memory | 28,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 28,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 49,70 Gb Free Space | 34,48% Space Free | Partition Type: NTFS Computer Name: JONATHAN-PC | User Name: Jonathan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.14 12:32:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe PRC - [2010.12.19 11:34:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010.12.19 11:33:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010.12.08 12:31:34 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.23 17:46:30 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Jonathan\AppData\Local\Temp\RtkBtMnt.exe PRC - [2010.11.03 14:15:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.03 14:15:22 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.08 14:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2010.07.29 08:50:16 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.07.29 08:47:08 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.04.30 16:24:58 | 009,210,400 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.10.19 01:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009.08.24 14:50:46 | 001,190,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2009.05.19 12:49:00 | 003,449,344 | ---- | M] (Mirko Böer) -- C:\Program Files\RouterControl\RouterControl.exe PRC - [2009.05.18 12:36:38 | 000,241,664 | ---- | M] () -- C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe PRC - [2009.05.18 12:34:12 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE PRC - [2007.02.09 05:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE PRC - [2007.02.06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.02.06 23:04:16 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe PRC - [2007.01.31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.01.24 09:27:50 | 000,319,488 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe PRC - [2006.12.29 16:51:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ========== Modules (SafeList) ========== MOD - [2011.01.14 12:32:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe MOD - [2010.03.05 15:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll MOD - [2009.04.11 07:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll MOD - [2009.04.11 07:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll MOD - [2009.04.11 07:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll MOD - [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2009.04.11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008.01.19 08:36:49 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll MOD - [2008.01.19 08:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll MOD - [2008.01.19 08:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Unknown | Stopped] -- -- (MSDTC) SRV - [2010.12.08 12:31:34 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.21 12:54:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.11.03 14:15:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.07.29 08:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.02.06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.01.31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.12.29 16:51:56 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) ========== Driver Services (SafeList) ========== DRV - [2010.12.20 13:35:37 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.25 20:10:33 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.20 15:41:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.06.14 01:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.30 15:59:12 | 003,086,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010.04.27 03:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.04.27 03:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2010.04.27 03:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010.03.22 17:04:40 | 000,262,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.03.09 10:01:54 | 000,130,672 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2010.02.03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2010.01.29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2009.05.20 15:15:32 | 003,485,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2009.03.26 10:14:34 | 000,021,000 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2008.06.30 19:12:08 | 000,923,648 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.06.18 12:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2008.04.25 02:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007.10.25 16:26:10 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2007.06.16 01:47:39 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2007.04.20 13:15:46 | 000,447,864 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350) DRV - [2007.02.06 23:04:54 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2007.02.06 23:04:50 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk) DRV - [2007.02.06 23:04:48 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2007.01.22 09:09:08 | 000,046,592 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2007.01.22 08:11:00 | 000,056,832 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1027.sys -- (RDID1027) DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2004.04.01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.06.15 02:02:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.19 11:34:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.19 11:34:21 | 000,000,000 | ---D | M] [2010.06.02 20:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Extensions [2010.06.02 16:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011.01.12 16:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Firefox\Profiles\r4loksna.default\extensions [2010.08.15 10:41:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Firefox\Profiles\r4loksna.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.15 10:41:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Firefox\Profiles\r4loksna.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.06.27 09:59:19 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Firefox\Profiles\r4loksna.default\extensions\personas@christopher.beard [2010.06.20 15:42:46 | 000,002,059 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r4loksna.default\searchplugins\daemon-search.xml [2011.01.11 12:27:33 | 000,001,056 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r4loksna.default\searchplugins\icqplugin.xml [2010.06.06 12:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.19 11:34:20 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.12.19 11:33:16 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll [2010.12.19 11:33:17 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll [2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll [2010.12.19 11:34:04 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll [2007.03.22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL [2010.09.25 10:11:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll [2010.09.25 10:11:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll [2010.09.25 10:11:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll [2010.09.25 10:11:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll [2010.09.25 10:11:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll [2010.09.25 10:11:43 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll [2010.09.25 10:11:43 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll [2010.12.19 11:34:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.19 11:34:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.12.19 11:34:11 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2010.12.19 11:34:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.19 11:34:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.19 11:34:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.07 16:10:27 | 000,001,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.8minutedating.com O1 - Hosts: 127.0.0.1 whysohardx.com O1 - Hosts: 127.0.0.1 protectyourpc-11.com O1 - Hosts: 127.0.0.1 checkserverstatux.com O1 - Hosts: 127.0.0.1 xinmin.cn O1 - Hosts: 127.0.0.1 xy95.cn O1 - Hosts: 127.0.0.1 koralda.com O1 - Hosts: 127.0.0.1 weirden.com O1 - Hosts: 127.0.0.1 nanocloudcontroller.com O1 - Hosts: 127.0.0.1 coo0lnet.net O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [tsnp2uvc] C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE (Mirko Böer) O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.248 192.168.0.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0d6a7ceb-7dfc-11df-b761-001e68eb1c70}\Shell - "" = AutoRun O33 - MountPoints2\{0d6a7ceb-7dfc-11df-b761-001e68eb1c70}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{3f4f8112-9e65-11df-934a-001e68eb1c70}\Shell - "" = AutoRun O33 - MountPoints2\{3f4f8112-9e65-11df-934a-001e68eb1c70}\Shell\AutoRun\command - "" = F:\iStudio.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.14 12:31:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe [2011.01.13 21:11:55 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.01.08 22:09:00 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Malwarebytes [2011.01.08 22:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.08 22:08:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.08 22:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.08 22:08:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.08 22:08:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.01.07 13:10:29 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\TuneUp Software [2011.01.07 13:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.01.07 13:04:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.01.05 21:24:23 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Meine empfangenen Dateien [2010.12.30 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\My Art [2010.12.30 18:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio [2010.12.30 18:10:51 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys [2010.12.30 18:10:51 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys [2010.12.30 18:10:51 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys [2010.12.30 18:10:50 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys [2010.12.30 18:10:50 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys [2010.12.30 18:10:50 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys [2010.12.30 18:10:50 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys [2010.12.30 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\My NPS Files [2010.12.30 18:02:37 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Samsung [2010.12.30 16:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2010.12.30 16:26:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.12.30 15:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg [2010.12.30 15:39:45 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Steinberg [2010.12.30 15:26:34 | 101,519,294 | ---- | C] () -- C:\Users\Jonathan\NYo-LSWEB.rar [2010.12.29 19:41:47 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\CUbase [2010.08.10 08:56:43 | 000,000,680 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\d3d9caps.dat [2010.07.03 16:27:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.06.13 19:53:48 | 000,017,408 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\WebpageIcons.db [2010.06.02 21:19:12 | 003,295,468 | -H-- | C] () -- C:\Users\Jonathan\AppData\Local\IconCache.db [2010.06.02 20:58:01 | 000,089,280 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.02 20:57:23 | 000,095,232 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.02 20:40:06 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2010.06.02 10:44:05 | 000,239,616 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2007.06.16 01:39:13 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [2006.11.02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini ========== Files - Modified Within 30 Days ========== [2011.01.14 12:32:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe [2011.01.14 12:32:15 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.14 12:28:52 | 000,004,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.14 12:28:51 | 000,004,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.14 12:28:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.13 21:37:19 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2011.01.13 21:37:14 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.13 21:35:50 | 1061,109,760 | -HS- | M] () -- C:\hiberfil.sys [2011.01.13 20:17:51 | 000,203,608 | ---- | M] () -- C:\Users\Jonathan\Desktop\TPS+2++.pdf [2011.01.13 20:13:26 | 000,181,461 | ---- | M] () -- C:\Users\Jonathan\Desktop\TPS+2.pdf [2011.01.13 20:13:12 | 000,197,128 | ---- | M] () -- C:\Users\Jonathan\Desktop\TPS+1.pdf [2011.01.13 19:51:26 | 000,027,136 | ---- | M] () -- C:\Users\Jonathan\Documents\Aufgabe Nummer 2.doc [2011.01.11 21:11:13 | 000,212,871 | ---- | M] () -- C:\Users\Jonathan\Desktop\S8300_TkFileExplorer_2.2.rar [2011.01.11 19:11:25 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.11 19:11:25 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.11 19:11:25 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.11 19:11:25 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.09 13:49:51 | 002,471,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.01.09 00:35:59 | 000,095,232 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.09 00:34:03 | 000,300,263 | ---- | M] () -- C:\Users\Jonathan\Desktop\Coloringbook.wmv [2011.01.08 22:08:30 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.05 19:58:46 | 049,783,417 | ---- | M] () -- C:\Users\Jonathan\Desktop\Video0021.mp4 [2010.12.30 18:28:17 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2010.12.30 15:47:53 | 101,519,294 | ---- | M] () -- C:\Users\Jonathan\NYo-LSWEB.rar [2010.12.30 00:27:29 | 000,900,015 | ---- | M] () -- C:\Windows\System32\TmpA1599259 [2010.12.29 23:48:55 | 173,838,160 | ---- | M] () -- C:\Users\Jonathan\Desktop\New_PC_Studio_1.5.1.10064_2.exe [2010.12.29 19:20:11 | 009,408,088 | ---- | M] () -- C:\Users\Jonathan\Desktop\Composition_1_.wav [2010.12.29 16:36:37 | 000,000,680 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\d3d9caps.dat [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.20 13:35:37 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.18 15:06:10 | 000,168,250 | ---- | M] () -- C:\Users\Jonathan\Desktop\04img_1911y07.jpg ========== Files Created - No Company Name ========== [2011.01.13 21:21:04 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2011.01.13 20:17:33 | 000,203,608 | ---- | C] () -- C:\Users\Jonathan\Desktop\TPS+2++.pdf [2011.01.13 20:13:25 | 000,181,461 | ---- | C] () -- C:\Users\Jonathan\Desktop\TPS+2.pdf [2011.01.13 20:12:50 | 000,197,128 | ---- | C] () -- C:\Users\Jonathan\Desktop\TPS+1.pdf [2011.01.11 21:11:12 | 000,212,871 | ---- | C] () -- C:\Users\Jonathan\Desktop\S8300_TkFileExplorer_2.2.rar [2011.01.10 18:40:27 | 000,027,136 | ---- | C] () -- C:\Users\Jonathan\Documents\Aufgabe Nummer 2.doc [2011.01.09 00:32:47 | 000,300,263 | ---- | C] () -- C:\Users\Jonathan\Desktop\Coloringbook.wmv [2011.01.08 22:08:30 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 18:28:17 | 000,001,927 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2010.12.30 00:27:29 | 000,900,015 | ---- | C] () -- C:\Windows\System32\TmpA1599259 [2010.12.29 23:32:15 | 173,838,160 | ---- | C] () -- C:\Users\Jonathan\Desktop\New_PC_Studio_1.5.1.10064_2.exe [2010.12.18 15:05:33 | 000,168,250 | ---- | C] () -- C:\Users\Jonathan\Desktop\04img_1911y07.jpg [2010.12.15 16:47:12 | 049,783,417 | ---- | C] () -- C:\Users\Jonathan\Desktop\Video0021.mp4 [2010.07.06 13:28:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\RdCi1027.dll [2010.06.27 21:07:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.06.23 15:39:30 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.06.23 15:39:29 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.06.20 15:41:43 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.06.03 10:35:14 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.06.02 20:40:06 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.06.02 20:40:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.06.02 20:40:05 | 003,485,952 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.06.02 20:40:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll [2010.06.02 20:39:27 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.06.01 16:57:19 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2010.06.01 16:57:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2010.05.18 00:47:52 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.05.29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.06.16 11:36:29 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.06.16 09:54:27 | 000,000,622 | ---- | C] () -- C:\Windows\generic.ini [2007.06.16 09:54:27 | 000,000,099 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.06.16 01:39:13 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.02.06 22:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.02.06 22:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.02.06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.02.06 22:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.02.06 22:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.02.06 22:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.12.26 14:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 21:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 14:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 20:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2010.06.05 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Canneverbe Limited [2010.07.14 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Canon [2010.06.22 13:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools Lite [2010.06.20 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools Pro [2010.11.01 10:25:17 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\GlarySoft [2011.01.13 21:42:03 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\ICQ [2010.06.27 09:07:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Opera [2010.07.06 13:17:49 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Propellerhead Software [2010.08.05 10:48:16 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Publish Providers [2010.08.17 11:14:41 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\RouterControl [2010.12.30 18:02:58 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Samsung [2010.11.07 12:04:23 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Sony [2010.12.30 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Steinberg [2010.09.05 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\TeamViewer [2011.01.07 13:10:29 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\TuneUp Software [2010.06.02 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\VistaCodecs [2011.01.13 21:37:19 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2011.01.13 21:34:28 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.26 21:28:20 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Adobe [2010.06.11 12:30:57 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\AdobeUM [2010.07.13 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Avira [2010.06.05 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Canneverbe Limited [2010.07.14 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Canon [2010.06.22 13:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools Lite [2010.06.20 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools Pro [2010.08.10 16:37:42 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DivX [2010.11.01 10:25:17 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\GlarySoft [2011.01.13 21:42:03 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\ICQ [2010.06.02 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Identities [2010.06.02 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\InstallShield [2010.06.02 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Macromedia [2011.01.08 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Media Center Programs [2010.12.30 18:33:14 | 000,000,000 | --SD | M] -- C:\Users\Jonathan\AppData\Roaming\Microsoft [2010.06.02 20:05:18 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Mozilla [2010.06.27 09:07:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Opera [2010.07.06 13:17:49 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Propellerhead Software [2010.08.05 10:48:16 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Publish Providers [2010.08.17 11:14:41 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\RouterControl [2010.12.30 18:02:58 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Samsung [2011.01.13 21:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Skype [2011.01.13 21:41:13 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\skypePM [2010.11.07 12:04:23 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Sony [2010.12.30 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Steinberg [2010.09.05 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\TeamViewer [2011.01.07 13:10:29 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\TuneUp Software [2010.06.02 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\VistaCodecs [2010.06.02 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.01.19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.01.19 05:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2010.06.09 16:19:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2010.06.09 16:19:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2010.06.09 16:19:19 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.08.27 04:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.08.27 03:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2010.06.09 16:19:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.02.15 05:05:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2010.06.05 02:19:04 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.02.15 05:06:38 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2010.06.05 02:19:04 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.06.20 15:41:43 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2010.06.02 20:38:55 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2010.06.02 20:38:50 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2010.06.02 20:38:55 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2010.06.02 20:39:16 | 015,740,928 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2010.06.02 20:39:21 | 006,045,696 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Jonathan\Desktop\Video0021.mp4:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Jonathan\Desktop\Maennertrip.TS.MD.avi:TOC.WMV < End of report > < MD5 for: [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (MICROSOFT CORPORATION) > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys < MD5 for: [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) > [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe < MD5 for: [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (MICROSOFT CORPORATION) > [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (MICROSOFT CORPORATION) > [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe < MD5 for: [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (MICROSOFT CORPORATION) > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (MICROSOFT CORPORATION) > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll < MD5 for: [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (MICROSOFT CORPORATION) > [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (MICROSOFT CORPORATION) > [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll < MD5 for: [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (MICROSOFT CORPORATION) > [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (MICROSOFT CORPORATION) > [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA CORPORATION) > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys < MD5 for: [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (INTEL CORPORATION) > [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: [2007.02.15 05:05:25 | 000,633,856 | ---- | M] (MICROSOFT CORPORATION) > [2007.02.15 05:05:25 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll < MD5 for: [2007.02.15 05:06:38 | 000,633,856 | ---- | M] (MICROSOFT CORPORATION) > [2007.02.15 05:06:38 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll < MD5 for: [2007.08.27 03:01:58 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) > [2007.08.27 03:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe < MD5 for: [2007.08.27 04:10:03 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) > [2007.08.27 04:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe < MD5 for: [2008.01.19 05:33:23 | 000,021,560 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 05:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a9 3da31a8b\atapi.sys < MD5 for: [2008.01.19 06:06:48 | 000,021,560 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a44 2479c42c\atapi.sys < MD5 for: [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < MD5 for: [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll < MD5 for: [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys < MD5 for: [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA CORPORATION) > [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (MICROSOFT CORPORATION) > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys < MD5 for: [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (INTEL CORPORATION) > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys < MD5 for: [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) > [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe < MD5 for: [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe < MD5 for: [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION) > [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe < MD5 for: [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (MICROSOFT CORPORATION) > [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe < MD5 for: [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (MICROSOFT CORPORATION) > [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe < MD5 for: [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (MICROSOFT CORPORATION) > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe < MD5 for: [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (MICROSOFT CORPORATION) > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll < MD5 for: [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (MICROSOFT CORPORATION) > [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (MICROSOFT CORPORATION) > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (MICROSOFT CORPORATION) > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys < MD5 for: [2010.06.05 02:19:04 | 000,633,856 | ---- | M] (MICROSOFT CORPORATION) > [2010.06.05 02:19:04 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2010.06.05 02:19:04 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll < MD5 for: [2010.06.09 16:19:19 | 002,927,616 | ---- | M] (MICROSOFT CORPORATION) > [2010.06.09 16:19:19 | 002,927,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe < MD5 for: [2010.06.09 16:19:24 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION) > [2010.06.09 16:19:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe < MD5 for: [2010.06.09 16:19:28 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) > [2010.06.09 16:19:28 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe < MD5 for: [2010.06.09 16:19:32 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) > [2010.06.09 16:19:32 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.06.20 15:41:43 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2010.06.02 20:38:55 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2010.06.02 20:38:50 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2010.06.02 20:38:55 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2010.06.02 20:39:16 | 015,740,928 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2010.06.02 20:39:21 | 006,045,696 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < End of report > DANKE FÜR DEINE HILFE |
|
14.01.2011, 16:28
| #4 |
| | Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.01.2011 13:01:41 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Jonathan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.011,00 Mb Total Physical Memory | 284,00 Mb Available Physical Memory | 28,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 28,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 49,70 Gb Free Space | 34,48% Space Free | Partition Type: NTFS
Computer Name: JONATHAN-PC | User Name: Jonathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C3F87B9-EB4D-4439-B262-068319EE2D45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E4935003-13CB-4E48-B88E-FCFC9DC21731}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115D1-7305-4DD0-AEFB-17068B68C7CF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{0A238D9D-FBFF-477A-9609-31CC47EA8234}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{130E792F-3CED-47CC-9CF0-AADD313D22D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{13D06D3C-2B26-4154-8572-CD45A84A7554}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1F991B79-95FA-4AC6-8ED8-027ECFF3BE69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AC59A1C-CA97-439E-A477-0D6B337528A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3504A079-1B8D-46A2-932D-1705CFEB498D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4592B300-E14E-4978-B518-58ADABBD1D9A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58B5C549-3F91-4CC7-AF60-3E6C619EEC73}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{5BE0903E-8961-4905-A868-73A0440DE817}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C917325-E2A2-49C1-A7CC-73BBC9F3BA32}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{5CB3339E-C295-452B-BBE6-7C0A384703D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63C3B3F1-4C47-4CF7-AB24-AE9D2E208BD8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C7BA3CF-34CC-47AF-8FA3-406793E0DD6C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{6D0FE4C2-3B56-401B-84C1-4C9EB3B26187}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{7751C4CD-DFAF-4BA4-9CA2-4E2B9BEC9558}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{789C41D7-FA46-450F-9905-01B7E72A55D9}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{8039D176-52C9-4647-B6E5-E6060D2C58E1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{80D362C8-CF6C-4B24-BD8D-706D08AE3717}" = dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{8E5014C0-D009-472D-8BAF-D1D83E8FA932}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{91664178-DB64-421A-BCF0-D5B29611E49F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95A5E5FC-C067-4446-83E9-5227860E189A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B669B00-4BCF-4860-888B-D7DE65141F05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5C951F5-761A-4EE4-993B-A8CADA085929}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A999D38D-45D8-46C2-9A97-93AE5B796EFA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{AEAE0FC8-F036-498B-962B-564818B91062}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0655549-766F-4CA1-8B10-BC8F6C5B017C}" = dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{B19128AE-7F9F-47CB-AC3C-D181242D79E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2650ABB-1D49-49B9-827A-3A3F6DCD62FE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BA88FC55-32E6-4050-9AFF-CFBB0A6D9BD7}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{BF80D1D0-F229-4B96-AF1E-BF32E634A432}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3B7A310-78FD-4249-87ED-395F337C6A25}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{C7435CF2-8EDA-4389-B5AD-4F44A810F054}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7937012-A20E-4698-81F9-5426EEF0C860}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C889386A-B8CF-462D-B8C3-489D881C1F5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA6834B0-1C44-4E6C-BB56-30BEF04366AE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CF075182-E0E9-4FBF-93AF-D9F35682CB2C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D1DCE366-BC26-4D1F-A78B-1ECDF9418C62}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{E04E88A9-B3C1-484E-A788-C165893BFF80}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E530B402-7DD4-4C57-A9D6-A6D0BA798BDE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E92F2386-68BC-4A92-BFBC-D3098693EC82}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E94F36DE-C9F4-49CD-96CB-B6E7DB128B24}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{EE24A907-6A41-4246-822E-DCEEF032A24E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{FABD412A-499E-4380-827C-EEDF4319C046}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"TCP Query User{38D7D715-C42F-426E-A033-AA41C07A58FD}C:\program files\samsung\samsung new pc studio\npsdmpplayer.exe" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsdmpplayer.exe |
"TCP Query User{9977505E-CB8E-4047-B865-A46316606493}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{AB287ADE-CD19-4C1C-9B0B-DB0B60E42FC0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D3CBEFDC-4139-423F-A05D-B73863526DF0}E:\empires.exe" = protocol=6 | dir=in | app=e:\empires.exe |
"UDP Query User{0D0348E9-B812-4F26-8564-2D9678FF83A5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{247EAACE-14D1-442E-8D5E-D7895B30D365}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{2C9377F1-73B8-4E54-BE16-7AFA8D2E4401}E:\empires.exe" = protocol=17 | dir=in | app=e:\empires.exe |
"UDP Query User{A8CBC6DF-19B2-40FD-A00C-E482CCABEE2F}C:\program files\samsung\samsung new pc studio\npsdmpplayer.exe" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsdmpplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797A536D-7F3A-4FC8-94FB-B36E108BF33A}" = TheWesterner
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Dynamic-Photo HDR 4 (Trial)_is1" = Dynamic-Photo HDR Trial 4.8
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Glary Utilities_is1" = Glary Utilities 2.23.0.923
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"Reason4_is1" = Reason 4.0
"RolandRDID0027" = EDIROL PCR Driver
"RouterControl" = RouterControl 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"UltraISO_is1" = UltraISO Premium V9.36
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"dd6e9302046dd572" = FRIENDS pro
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1C3F87B9-EB4D-4439-B262-068319EE2D45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E4935003-13CB-4E48-B88E-FCFC9DC21731}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{024115D1-7305-4DD0-AEFB-17068B68C7CF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{0A238D9D-FBFF-477A-9609-31CC47EA8234}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{130E792F-3CED-47CC-9CF0-AADD313D22D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{13D06D3C-2B26-4154-8572-CD45A84A7554}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{1F991B79-95FA-4AC6-8ED8-027ECFF3BE69}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2AC59A1C-CA97-439E-A477-0D6B337528A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3504A079-1B8D-46A2-932D-1705CFEB498D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{4592B300-E14E-4978-B518-58ADABBD1D9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{58B5C549-3F91-4CC7-AF60-3E6C619EEC73}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{5BE0903E-8961-4905-A868-73A0440DE817}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C917325-E2A2-49C1-A7CC-73BBC9F3BA32}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{5CB3339E-C295-452B-BBE6-7C0A384703D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{63C3B3F1-4C47-4CF7-AB24-AE9D2E208BD8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6C7BA3CF-34CC-47AF-8FA3-406793E0DD6C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{6D0FE4C2-3B56-401B-84C1-4C9EB3B26187}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{7751C4CD-DFAF-4BA4-9CA2-4E2B9BEC9558}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{789C41D7-FA46-450F-9905-01B7E72A55D9}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{8039D176-52C9-4647-B6E5-E6060D2C58E1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{80D362C8-CF6C-4B24-BD8D-706D08AE3717}" = dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe | "{8E5014C0-D009-472D-8BAF-D1D83E8FA932}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe | "{91664178-DB64-421A-BCF0-D5B29611E49F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{95A5E5FC-C067-4446-83E9-5227860E189A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9B669B00-4BCF-4860-888B-D7DE65141F05}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A5C951F5-761A-4EE4-993B-A8CADA085929}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A999D38D-45D8-46C2-9A97-93AE5B796EFA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{AEAE0FC8-F036-498B-962B-564818B91062}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B0655549-766F-4CA1-8B10-BC8F6C5B017C}" = dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe | "{B19128AE-7F9F-47CB-AC3C-D181242D79E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B2650ABB-1D49-49B9-827A-3A3F6DCD62FE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{BA88FC55-32E6-4050-9AFF-CFBB0A6D9BD7}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{BF80D1D0-F229-4B96-AF1E-BF32E634A432}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C3B7A310-78FD-4249-87ED-395F337C6A25}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe | "{C7435CF2-8EDA-4389-B5AD-4F44A810F054}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C7937012-A20E-4698-81F9-5426EEF0C860}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C889386A-B8CF-462D-B8C3-489D881C1F5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CA6834B0-1C44-4E6C-BB56-30BEF04366AE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{CF075182-E0E9-4FBF-93AF-D9F35682CB2C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{D1DCE366-BC26-4D1F-A78B-1ECDF9418C62}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{E04E88A9-B3C1-484E-A788-C165893BFF80}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{E530B402-7DD4-4C57-A9D6-A6D0BA798BDE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E92F2386-68BC-4A92-BFBC-D3098693EC82}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{E94F36DE-C9F4-49CD-96CB-B6E7DB128B24}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{EE24A907-6A41-4246-822E-DCEEF032A24E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{FABD412A-499E-4380-827C-EEDF4319C046}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "TCP Query User{38D7D715-C42F-426E-A033-AA41C07A58FD}C:\program files\samsung\samsung new pc studio\npsdmpplayer.exe" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsdmpplayer.exe | "TCP Query User{9977505E-CB8E-4047-B865-A46316606493}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{AB287ADE-CD19-4C1C-9B0B-DB0B60E42FC0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{D3CBEFDC-4139-423F-A05D-B73863526DF0}E:\empires.exe" = protocol=6 | dir=in | app=e:\empires.exe | "UDP Query User{0D0348E9-B812-4F26-8564-2D9678FF83A5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{247EAACE-14D1-442E-8D5E-D7895B30D365}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{2C9377F1-73B8-4E54-BE16-7AFA8D2E4401}E:\empires.exe" = protocol=17 | dir=in | app=e:\empires.exe | "UDP Query User{A8CBC6DF-19B2-40FD-A00C-E482CCABEE2F}C:\program files\samsung\samsung new pc studio\npsdmpplayer.exe" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsdmpplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0 "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{797A536D-7F3A-4FC8-94FB-B36E108BF33A}" = TheWesterner "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5 "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CanonMyPrinter" = Canon Utilities My Printer "CCleaner" = CCleaner "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Setup.divx.com" = DivX-Setup "Dynamic-Photo HDR 4 (Trial)_is1" = Dynamic-Photo HDR Trial 4.8 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Glary Utilities_is1" = Glary Utilities 2.23.0.923 "HDMI" = Intel(R) Graphics Media Accelerator Driver "ICQToolbar" = ICQ Toolbar "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MP Navigator 3.1" = Canon MP Navigator 3.1 "Reason4_is1" = Reason 4.0 "RolandRDID0027" = EDIROL PCR Driver "RouterControl" = RouterControl 2.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 5" = TeamViewer 5 "UltraISO_is1" = UltraISO Premium V9.36 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "dd6e9302046dd572" = FRIENDS pro ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
|
14.01.2011, 16:29
| #5 |
| /// Malware-holic | Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.01.2011, 06:24
| #6 |
| |  Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... Nachdem ich dieses Programm Combofix angewendet habe ist mein Laptop vollich Nutzlos-.- Nach jedem normalen Windows start erscheint ein Bluescreen. Beim Abgesicherten Modus jedoch nicht. Aber eine Systemwiederherstellung ust auch nicht möglich,da Windows,dann sagt,dass Windows in einem Zustand ist indem es nicht möglich ist eine Systemwiederherstellung durch zuführen... |
|
15.01.2011, 14:38
| #7 |
| /// Malware-holic | Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... dann stelle combofix.txt ein und den text des blue screens. es gibt malware, die so tief ins system eingreift das eine bereinigung nicht mehr möglich ist. mal schauen was genau passiert ist.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.01.2011, 01:20
| #8 |
| | Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... Ich hab das Problem NICHT gelöst....NEU Formatiert....alles neu gemacht.... |
|
| Themen zu Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... |
| antivir, antivir guard, avira, bho, bonjour, canon, cdburnerxp, computer, desktop, excel, fehler, firefox, google, helper, hijackthis, internet explorer, launch, logfile, mozilla, nach updates, nicht möglich, pop-up-blocker, programm, prozess, realtek, skype.exe, software, studio, system, updates, virus, virus fund, vista, windows |
Linear-Darstellung
