Noobie85 | 12.01.2013 17:25 | Oh, in that case I'm sorry, of course. A few months ago I already posted a log once and asked for help (on behalf of a friend, though), where I was supposed to attach the logs to the post. Will be changed right away :) Code:
OTL Logfile:
Code:
OTL logfile created on: 1/12/2013 2:13:42 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.54 Gb Total Space | 67.93 Gb Free Space | 47.66% Space Free | Partition Type: NTFS
Drive D: | 142.54 Gb Total Space | 141.93 Gb Free Space | 99.57% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.63 Gb Free Space | 86.58% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
DRV - (hwusbdev) -- File not found
DRV - (hwdatacard) -- File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0309&m=aspire_7730zg
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0309&m=aspire_7730zg

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\********_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0309&m=aspire_7730zg
IE - HKU\*******_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\*******_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\*******_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\*******_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\*******_ON_C\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKU\*******_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/01/10 06:46:41 | 000,000,000 | ---D | M]

[2010/11/29 10:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\Mozilla\Extensions
[2010/11/29 10:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\Mozilla\Extensions\{SbX-145655-9783706837583-stu10}
[2012/04/11 11:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/11 11:44:54 | 000,000,000 | ---D | M] (MB2 Community Toolbar) -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\*******_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} hxxp://www.umediaserver.net/bin/UMediaControl5.cab (UMediaPlayer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game01.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3f15157c-cfc5-11e0-92a0-00238b90bbc6}\Shell - "" = AutoRun
O33 - MountPoints2\{3f15157c-cfc5-11e0-92a0-00238b90bbc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3f151589-cfc5-11e0-92a0-00238b90bbc6}\Shell - "" = AutoRun
O33 - MountPoints2\{3f151589-cfc5-11e0-92a0-00238b90bbc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d2fd78ee-d192-11e0-b526-00238b90bbc6}\Shell - "" = AutoRun
O33 - MountPoints2\{d2fd78ee-d192-11e0-b526-00238b90bbc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/01/09 22:03:46 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 22:02:54 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/12/21 21:01:44 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/21 21:01:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/14 10:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/14 10:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/14 10:16:38 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/01/10 22:36:44 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Users\*******\AppData\Roaming\*.tmp files -> C:\Users\*******\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/12 07:21:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/12 07:21:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/01/12 07:21:09 | 000,094,513 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/01/12 07:21:09 | 000,094,513 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/01/12 07:21:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/12 07:21:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/12 07:21:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/12 07:20:45 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/12 07:09:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/12 07:09:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/12 07:09:18 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/12 07:09:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/12 06:57:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/11 04:40:17 | 000,382,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/03 13:09:27 | 000,000,680 | ---- | M] () -- C:\Users\*******\AppData\Local\d3d9caps.dat
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/14 10:16:49 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/14 10:16:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/14 05:31:02 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\Users\*******\AppData\Roaming\*.tmp files -> C:\Users\*******\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/14 10:16:49 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/02 12:35:01 | 000,106,496 | ---- | C] () -- C:\ProgramData\lietnoec.exe
[2012/10/02 12:34:58 | 000,074,128 | ---- | C] () -- C:\ProgramData\vbgwqcmbtspjkya
[2012/04/27 04:30:48 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe111.dll
[2012/04/26 05:26:39 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe110.dll
[2012/04/24 04:10:31 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe109.dll
[2012/04/23 04:46:54 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe108.dll
[2012/04/19 03:47:30 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe107.dll
[2012/04/18 03:26:03 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe106.dll
[2012/04/17 05:17:36 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe105.dll
[2012/04/16 04:05:54 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe104.dll
[2012/04/13 09:51:28 | 000,007,368 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe103.dll
[2012/04/11 04:03:51 | 000,007,384 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe101.dll
[2012/04/07 07:36:17 | 000,007,384 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe097.dll
[2012/04/03 09:00:02 | 000,226,808 | ---- | C] () -- C:\Users\*******\AppData\Roaming\AcroIEHelpe095.dll
[2012/03/30 04:39:32 | 000,259,576 | ---- | C] () -- C:\Users\*******\AppData\Roaming\AcroIEHelpe094.dll
[2012/03/28 04:27:49 | 000,259,576 | ---- | C] () -- C:\Users\*******\AppData\Roaming\AcroIEHelpe093.dll
[2012/03/23 11:45:59 | 000,280,056 | ---- | C] () -- C:\Users\*******\AppData\Roaming\AcroIEHelpe091.dll
[2012/03/21 11:42:06 | 000,005,624 | ---- | C] () -- C:\Users\*******\AppData\Roaming\BAcroIEHelpe.dll
[2012/03/20 13:26:09 | 000,000,441 | ---- | C] () -- C:\Users\*******\AppData\Roaming\urhtps.dat
[2011/05/11 17:01:33 | 000,000,680 | ---- | C] () -- C:\Users\**************\AppData\Local\d3d9caps.dat
[2010/06/23 11:03:39 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2010/06/23 11:03:05 | 000,414,208 | ---- | C] () -- C:\Windows\System32\WgaTray.exe
[2009/10/31 05:08:11 | 000,207,808 | RHS- | C] () -- C:\Users\*******\AppData\Roaming\prapproxy32.dll
[2009/10/12 11:34:05 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/10/12 11:34:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/10/12 11:18:23 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009/10/12 11:07:37 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/09/17 05:38:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 05:38:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 09:07:42 | 000,667,136 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/30 06:18:34 | 000,000,035 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/05/08 13:46:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/06 15:16:08 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/05/06 05:26:11 | 000,040,448 | ---- | C] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/06 04:14:02 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/06 03:48:54 | 000,094,513 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/20 03:36:45 | 000,094,513 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/20 03:17:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/03/20 03:17:26 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/03/20 03:17:26 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/10 22:35:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/01/10 16:10:31 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/10 16:10:31 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/10 15:51:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2009/01/10 15:28:29 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/10 15:16:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/01/10 15:16:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/10 15:16:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/10 15:16:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/01/10 14:23:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,382,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2012/10/30 12:18:42 | 000,000,000 | -HSD | M] -- C:\Users\*******\AppData\Roaming\.#
[2009/01/10 16:08:40 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Acer GameZone Console
[2009/05/19 04:39:16 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Big Fish Games
[2009/06/17 06:45:21 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\eSobi
[2012/05/18 01:24:29 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Fighters
[2009/05/14 03:23:42 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FloodLightGames
[2009/05/17 14:57:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Gaijin Ent
[2009/05/13 07:06:12 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\iWin
[2012/03/20 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\kock
[2010/11/29 10:17:17 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Manz
[2009/07/06 07:49:11 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PlayFirst
[2009/10/12 11:24:29 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ScanSoft
[2011/08/26 04:42:24 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\T-Mobile
[2012/04/25 13:54:55 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\UAs
[2012/05/18 12:55:50 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Uniblue
[2012/04/11 11:42:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Unreal Streaming
[2012/12/09 08:12:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Windows Live Writer
[2012/05/01 03:25:05 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\xmldm
[2009/01/10 16:08:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/05/06 03:45:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/05/17 15:08:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab
[2011/08/12 03:18:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2012/10/02 12:35:02 | 000,000,000 | ---D | M] -- C:\ProgramData\axevzfkwlhwijhi
[2012/05/18 12:54:22 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/05/06 03:45:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/01/10 16:18:42 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2012/06/12 09:47:05 | 000,000,000 | ---D | M] -- C:\ProgramData\F4D55F3B000C8EF80062A990570F1C8B
[2009/05/06 03:45:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/05/22 18:13:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Fighters
[2009/01/10 15:58:52 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2009/05/17 14:59:42 | 000,000,000 | ---D | M] -- C:\ProgramData\InterAction studios
[2009/05/13 07:10:53 | 000,000,000 | ---D | M] -- C:\ProgramData\JollyBear
[2011/05/13 15:00:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Last.fm
[2009/08/04 10:27:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2009/07/06 07:49:11 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst
[2009/05/19 04:51:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Sandlot Games
[2009/11/19 10:16:55 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2009/05/13 06:09:27 | 000,000,000 | ---D | M] -- C:\ProgramData\SpinTop Games
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/05/06 03:45:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010/04/08 19:21:30 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/05/06 03:45:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/02/15 05:21:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Windows
[2012/06/12 10:23:52 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/07/06 18:03:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2012/05/18 12:55:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2013/01/12 07:21:32 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
\par ========== Purity Check ==========\par
\par
\par
\par ========== Alternate Data Streams ==========\par
\par
@Alternate Data Stream - 98 bytes -> C:\\ProgramData\\TEMP:9E22BBE8\par
@Alternate Data Stream - 134 bytes -> C:\\ProgramData\\TEMP:FEBEC560\par
@Alternate Data Stream - 132 bytes -> C:\\ProgramData\\TEMP:E36F5B57\par
@Alternate Data Stream - 128 bytes -> C:\\ProgramData\\TEMP:861A898F\par
@Alternate Data Stream - 121 bytes -> C:\\ProgramData\\TEMP:193426B4\par
@Alternate Data Stream - 120 bytes -> C:\\ProgramData\\TEMP:580E04D8\par
@Alternate Data Stream - 118 bytes -> C:\\ProgramData\\TEMP:8AB6C1D7\par
@Alternate Data Stream - 117 bytes -> C:\\ProgramData\\TEMP:8173A019\par
@Alternate Data Stream - 117 bytes -> C:\\ProgramData\\TEMP:2B99FE60\par
@Alternate Data Stream - 116 bytes -> C:\\ProgramData\\TEMP:9F683177\par
@Alternate Data Stream - 114 bytes -> C:\\ProgramData\\TEMP:B623B5B8\par
@Alternate Data Stream - 113 bytes -> C:\\ProgramData\\TEMP:C95B63DA\par
@Alternate Data Stream - 113 bytes -> C:\\ProgramData\\TEMP:793F316E\par
@Alternate Data Stream - 110 bytes -> C:\\ProgramData\\TEMP:FC420CE6\par
@Alternate Data Stream - 110 bytes -> C:\\ProgramData\\TEMP:4F636E25\par
@Alternate Data Stream - 109 bytes -> C:\\ProgramData\\TEMP:4CF61E54\par
@Alternate Data Stream - 103 bytes -> C:\\ProgramData\\TEMP:4BB26BE9\par
@Alternate Data Stream - 101 bytes -> C:\\ProgramData\\TEMP:131C0EE9\par
< End of report > --- --- ---
\par
}

Code:
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\f0\fs20OTL Logfile:
Code:
OTL Extras logfile created on: 1/12/2013 2:13:42 PM - Run \par
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\\Programs\\OTLPE\par
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System\par
Internet Explorer (Version = 9.0.8112.16421)\par
Locale: 00000C07 | Country: \'d6sterreich | Language: DEA | Date Format: dd.MM.yyyy\par
\par
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free\par
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free\par
Paging file location(s): ?:\\pagefile.sys [binary data]\par
\par
%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files\par
Drive C: | 142.54 Gb Total Space | 67.93 Gb Free Space | 47.66% Space Free | Partition Type: NTFS\par
Drive D: | 142.54 Gb Total Space | 141.93 Gb Free Space | 99.57% Space Free | Partition Type: NTFS\par
Drive E: | 1.88 Gb Total Space | 1.63 Gb Free Space | 86.58% Space Free | Partition Type: FAT32\par
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS\par
\par
Computer Name: REATOGO | User Name: SYSTEM\par
Boot Mode: Normal | Scan Mode: All users\par
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days\par
Using ControlSet: ControlSet001\par
\par ========== Extra Registry (SafeList) ==========\par
\par
\par ========== File Associations ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]\par
.cpl [@ = cplfile] -- C:\\Windows\\System32\\control.exe (Microsoft Corporation)\par
.hlp [@ = hlpfile] -- C:\\Windows\\winhlp32.exe (Microsoft Corporation)\par
\par ========== Shell Spawning ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]\par
batfile [open] -- "%1" %*\par
cmdfile [open] -- "%1" %*\par
comfile [open] -- "%1" %*\par
cplfile [cplopen] -- %SystemRoot%\\System32\\control.exe "%1",%* (Microsoft Corporation)\par
exefile [open] -- "%1" %*\par
helpfile [open] -- Reg Error: Key error.\par
hlpfile [open] -- %SystemRoot%\\winhlp32.exe %1 (Microsoft Corporation)\par
inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe "%1" (Microsoft Corporation)\par
piffile [open] -- "%1" %*\par
regfile [merge] -- Reg Error: Key error.\par
scrfile [config] -- "%1"\par
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l\par
scrfile [open] -- "%1" /S\par
txtfile [edit] -- Reg Error: Key error.\par
Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1\par
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)\par
Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)\par
Folder [open] -- %SystemRoot%\\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)\par
Folder [explore] -- %SystemRoot%\\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)\par
Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)\par
\par ========== Security Center Settings ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]\par
"cval" = 0\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]\par
"AntiVirusOverride" = 0\par
"AntiSpywareOverride" = 0\par
"FirewallOverride" = 0\par
"VistaSp1" = Reg Error: Unknown registry data type -- File not found\par
"VistaSp2" = Reg Error: Unknown registry data type -- File not found\par
\par ========== Firewall Settings ==========\par
\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]\par
"EnableFirewall" = 1\par
"DisableNotifications" = 0\par
\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]\par
"EnableFirewall" = 1\par
"DisableNotifications" = 0\par
\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile]\par
"EnableFirewall" = 1\par
"DisableNotifications" = 0\par
\par ========== Authorized Applications List ==========\par
\par
\par ========== HKEY_LOCAL_MACHINE Uninstall List ==========\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]\par
"\{052FDD78-A6EA-3187-8386-C82F4CA3A929\}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu\par
"\{10F498FF-5392-4DF3-8F73-FE172A9F3800\}" = Winbond CIR Device Drivers\par
"\{11316260-6666-467B-AC34-183FCB5D4335\}" = Acer Mobility Center Plug-In\par
"\{12EFA1A4-AC3B-443C-8143-237EDE760403\}" = NTI Backup Now Standard\par
"\{13D85C14-2B85-419F-AC41-C7F21E68B25D\}" = Acer eSettings Management\par
"\{205C6BDD-7B73-42DE-8505-9A093F35A238\}" = Windows Live-Uploadtool\par
"\{22B775E7-6C42-4FC5-8E10-9A5E3257BD94\}" = MSVCRT\par
"\{2413930C-8309-47A6-BC61-5EF27A4222BC\}" = NTI Media Maker 8\par
"\{2637C347-9DAD-11D6-9EA2-00055D0CA761\}" = Acer Arcade Deluxe\par
"\{26604C7E-A313-4D12-867F-7C6E7820BE4C\}" = JMicron JMB38X Flash Media Controller\par
"\{26A24AE4-039D-4CA4-87B4-2F83216032FF\}" = Java(TM) 6 Update 32\par
"\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB\}" = RealUpgrade 1.1\par
"\{28E82311-8616-11E1-BEB0-B8AC6F97B88E\}" = Google Earth\par
"\{2BA722D1-48D1-406E-9123-8AE5431D63EF\}" = Windows Live Fotogalerie\par
"\{2BC2781A-F7F6-452E-95EB-018A522F1B2C\}" = PaperPort Image Printer\par
"\{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327\}" = Brother MFL-Pro Suite DCP-585CW\par
"\{3C3901C5-3455-3E0A-A214-0B093A5070A6\}" = Microsoft .NET Framework 4 Client Profile\par
"\{41E654A9-26D0-4EAC-854B-0FA824FFFABB\}" = Windows Live Messenger\par
"\{4A03706F-666A-4037-7777-5F2748764D10\}" = Java Auto Updater\par
"\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3\}" = Microsoft Works\par
"\{52B97218-98CB-4B8B-9283-D213C85E1AA4\}" = Windows Live Anmelde-Assistent\par
"\{57265292-228A-41FA-9AEC-4620CBCC2739\}" = Acer eAudio Management\par
"\{58E5844B-7CE2-413D-83D1-99294BF6C74F\}" = Acer ePower Management\par
"\{5B63A470-9334-44D1-AF61-6CE2DB565AE9\}" = Orion\par
"\{5FC68772-6D56-41C6-9DF1-24E868198AE6\}" = Windows Live Call\par
"\{612C34C7-5E90-47D8-9B5C-0F717DD82726\}" = swMSM\par
"\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2\}" = Microsoft Visual C++ 2005 Redistributable\par
"\{76618402-179D-4699-A66B-D351C59436BC\}" = Windows Live Sync\par
"\{770657D0-A123-3C07-8E44-1C83EC895118\}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053\par
"\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA\}" = RealNetworks - Microsoft Visual C++ 2008 Runtime\par
"\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC\}" = Acer ScreenSaver\par
"\{7A8FF745-BBC5-482B-88E4-18D3178249A9\}" = ScanSoft PaperPort 11\par
"\{7F811A54-5A09-4579-90E1-C93498E230D9\}" = Acer eRecovery Management\par
"\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00\}" = Microsoft Silverlight\par
"\{8F1B6239-FEA0-450A-A950-B05276CE177C\}" = Acer Empowering Technology\par
"\{90120000-0012-0000-0000-0000000FF1CE\}" = Microsoft Office Standard 2007\par
"\{90120000-0012-0000-0000-0000000FF1CE\}_STANDARD_\{6E107EB7-8B55-48BF-ACCB-199F86A2CD93\}" = Microsoft Office 2007 Service Pack 3 (SP3)\par
"\{90120000-0016-0407-0000-0000000FF1CE\}" = Microsoft Office Excel MUI (German) 2007\par
"\{90120000-0016-0407-0000-0000000FF1CE\}_STANDARD_\{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2\}" = Microsoft Office 2007 Service Pack 3 (SP3)\par
"\{90120000-0018-0407-0000-0000000FF1CE\}" = Microsoft Office PowerPoint MUI (German) 2007\par
"\{90120000-0018-0407-0000-0000000FF1CE\}_STANDARD_\{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2\}" = Microsoft Office 2007 Service Pack 3 (SP3)\par
"\{90120000-001A-0407-0000-0000000FF1CE\}" = Microsoft Office Outlook MUI (German) 2007\par
"\{90120000-001A-0407-0000-0000000FF1CE\}_STANDARD_\{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2\}" = Microsoft Office 2007 Service Pack 3 (SP3)\par
"\{90120000-001B-0407-0000-0000000FF1CE\}" = Microsoft Office Word MUI (German) 2007\par
"\{90120000-001B-0407-0000-0000000FF1CE\}_STANDARD_\{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2\}" = Microsoft Office 2007 Service Pack 3 (SP3)\par
"\{90120000-001F-0407-0000-0000000FF1CE\}" = Microsoft Office Proof (German) 2007\par
"\{90120000-001F-0407-0000-0000000FF1CE\}_STANDARD_\{928D7B99-2BEA-49F9-83B8-20FA57860643\}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)\par
"\{90120000-001F-0409-0000-0000000FF1CE\}" = Microsoft Office Proof (English) 2007\par
"\{90120000-001F-0409-0000-0000000FF1CE\}_STANDARD_\{1FF96026-A04A-4C3E-B50A-BB7022654D0F\}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)\par
"\{90120000-001F-040C-0000-0000000FF1CE\}" = Microsoft Office Proof (French) 2007\par
"\{90120000-001F-040C-0000-0000000FF1CE\}_STANDARD_\{71F055E8-E2C6-4214-BB3D-BFE03561B89E\}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)\par
"\{90120000-001F-0410-0000-0000000FF1CE\}" = Microsoft Office Proof (Italian) 2007\par
"\{90120000-001F-0410-0000-0000000FF1CE\}_STANDARD_\{A23BFC95-4A73-410F-9248-4C2B48E38C49\}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)\par
"\{90120000-002C-0407-0000-0000000FF1CE\}" = Microsoft Office Proofing (German) 2007\par
"\{90120000-006E-0407-0000-0000000FF1CE\}" = Microsoft Office Shared MUI (German) 2007\par
"\{90120000-006E-0407-0000-0000000FF1CE\}_STANDARD_\{A6353E8F-5B8D-47CC-8737-DFF032ED3973\}" = Microsoft Office 2007 Service Pack 3 (SP3)\par
"\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E\}" = Intel\'ae Matrix Storage Manager\par
"\{95120000-00B9-0409-0000-0000000FF1CE\}" = Microsoft Application Error Reporting\par
"\{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD\}" = Microsoft Security Client\par
"\{A5633652-3795-4829-BB0B-644F0279E279\}" = Acer eDataSecurity Management\par
"\{A64A5576-D862-44F8-89DC-2B17FCC9B86E\}" = Broadcom Gigabit Integrated Controller\par
"\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E\}" = Acer Crystal Eye Webcam 2.0.8\par
"\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2\}" = Google Update Helper\par
"\{AC76BA86-7AD7-1031-7B44-A90000000001\}" = Adobe Reader 9 - Deutsch\par
"\{B2544A03-10D0-4E5E-BA69-0362FFC20D18\}" = OGA Notifier 2.0.0048.0\par
"\{C4D738F7-996A-4C81-B8FA-C4E26D767E41\}" = Windows Live Mail\par
"\{CB099890-1D5F-11D5-9EA9-0050BAE317E1\}" = CyberLink PowerDirector\par
"\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9\}" = Microsoft .NET Framework 3.5 SP1\par
"\{CE386A4E-D0DA-4208-8235-BCE43275C694\}" = LightScribe 1.4.142.1\par
"\{D36DD326-7280-11D8-97C8-000129760CBE\}" = PhotoNow!\par
"\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E\}" = Acer Product Registration\par
"\{E0A4805D-280A-4DD7-9E74-3A5F85E302A1\}" = Windows Live Writer\par
"\{E2DFE069-083E-4631-9B6C-43C48E991DE5\}" = Junk Mail filter update\par
"\{E662F023-ACB2-445A-B7CE-65F487AFBEF5\}" = BMD55\par
"\{EA17F4FC-FDBF-4CF8-A529-2D983132D053\}" = Skype\'99 6.0\par
"\{ED00D08A-3C5F-488D-93A0-A04F21F23956\}" = Windows Live Communications Platform\par
"\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8\}" = Microsoft SQL Server 2005 Compact Edition [ENU]\par
"\{F0E12BBA-AD66-4022-A453-A1C8A0C4D570\}" = Microsoft Choice Guard\par
"\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC\}" = Realtek High Definition Audio Driver\par
"\{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F\}" = Windows Live Essentials\par
"\{SbX-145655-9783706837583-stu10\}\}_is1" = SbX Rechnungswesen HAS 3 10-11\par
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1\par
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX\par
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin\par
"Agere Systems Soft Modem" = Agere Systems HDA Modem\par
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4\par
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7\par
"Google Chrome" = Google Chrome\par
"Google Desktop" = Google Desktop\par
"GridVista" = Acer GridVista\par
"InstallShield_\{12EFA1A4-AC3B-443C-8143-237EDE760403\}" = NTI Backup Now 5\par
"InstallShield_\{2413930C-8309-47A6-BC61-5EF27A4222BC\}" = NTI Media Maker 8\par
"InstallShield_\{2637C347-9DAD-11D6-9EA2-00055D0CA761\}" = Acer Arcade Deluxe\par
"InstallShield_\{CB099890-1D5F-11D5-9EA9-0050BAE317E1\}" = CyberLink PowerDirector\par
"LastFM_is1" = Last.fm 1.5.4.27091\par
"LManager" = Launch Manager\par
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400\par
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU\par
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1\par
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile\par
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack\par
"Microsoft Security Client" = Microsoft Security Essentials\par
"NVIDIA Drivers" = NVIDIA Drivers\par
"RealPlayer 15.0" = RealPlayer\par
"SearchCore for Browsers" = SearchCore for Browsers\par
"Searchqu 406 MediaBar" = Windows iLivid Toolbar\par
"STANDARD" = Microsoft Office Standard 2007\par
"SynTPDeinstKey" = Synaptics Pointing Device Driver\par
"TTCO_is1" = Terrorist Takedown Covert Operations\par
"Uninstall_is1" = Uninstall 1.0.0.1\par
"WinLiveSuite_Wave3" = Windows Live Essentials\par
"YTdetect" = Yahoo! Detect\par
\par ========== HKEY_USERS Uninstall List ==========\par
\par
[HKEY_USERS\\*******_ON_C\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]\par
\par
< End of report > --- --- ---
\par
} |