
Pests of all kinds and how to fight them: Internet Explorer opens by itself showing ads

11.01.2011, 17:40   #1
the87stinger
 



I'd like to say a BIG thank you in advance for any help of any kind. For you this will surely be child's play, but I'm at a loss. I use Firefox and recently downloaded something from a not entirely kosher(?) site and blindly ran an exe. ... the punishment followed immediately.. every time I browse, Internet Explorer opens after a few seconds and shows ads. If I close it, it opens again after a few seconds and shows ads -.-
I also sometimes had the feeling that my PC was getting slower. I looked at the CPU usage and sure enough the values were sometimes around 100%.

Here is my logfile
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:20:37, on 11.01.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Hardcopy\hardcopy.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Andy\Downloads\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (file missing)
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [PayPal Alert] C:\Program Files (x86)\PayPal Alert\PayPal Alert.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O4 - Global Startup: Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe
O8 - Extra context menu item: CC Web-Interface - hxxp://localhost:4002/cookie.cooker/loadifscript
O8 - Extra context menu item: Formulare ausfüllen (echte Daten) - hxxp://localhost:4002/cookie.cooker/fillscriptp
O8 - Extra context menu item: Formulare ausfüllen (zufällig) - hxxp://localhost:4002/cookie.cooker/fillscriptr
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Werbung blockieren - hxxp://localhost:4002/cookie.cooker/scriptwerbung
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: InterCasino Deutschland - {8CBAFC3D-456C-4993-A7E8-0A079DD184F4} - C:\Users\Andy\Desktop\InterCasino Deutschland.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino Deutschland - {8CBAFC3D-456C-4993-A7E8-0A079DD184F4} - C:\Users\Andy\Desktop\InterCasino Deutschland.lnk (file missing) (HKCU)
O9 - Extra button: Yukon Gold - {B5628A22-A8A3-45B9-9E29-EADF768FCE2B} - C:\Microgaming\Casino\YukonGold\casinogame.exe (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 11582 bytes
         
--- --- ---

11.01.2011, 18:08   #2
markusg
/// Malware-holic
 



System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both

11.01.2011, 21:00   #3
the87stinger
 



Thanks for the quick reply. That was fast.
Hope I set everything correctly.


Here are the reports:
OTL logfile:
Code:
OTL logfile created on: 11.01.2011 20:31:10 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 21,98 Gb Free Space | 18,88% Space Free | Partition Type: NTFS
Drive D: | 116,05 Gb Total Space | 109,38 Gb Free Space | 94,25% Space Free | Partition Type: NTFS
 
Computer Name: ANDY-LAPTOP | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Vpyhoa.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys File not found
DRV:64bit: - (RtsUIR) -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys File not found
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) Logitech Webcam 200(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3612987724-1108736899-3237277213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-3612987724-1108736899-3237277213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-3612987724-1108736899-3237277213-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll File not found
IE - HKU\S-1-5-21-3612987724-1108736899-3237277213-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Games Bar 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2452474&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Games Bar 1 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {0f3a3a36-ddba-493e-b538-f9e52eeea9c3}:7.0
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1
FF - prefs.js..network.proxy.backup.ftp: "localhost"
FF - prefs.js..network.proxy.backup.ftp_port: 4001
FF - prefs.js..network.proxy.backup.gopher: "localhost"
FF - prefs.js..network.proxy.backup.gopher_port: 4001
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 4001
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 4001
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 4001
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 4001
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.10 14:56:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.10 07:37:02 | 000,000,000 | ---D | M]
 
[2010.04.02 10:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2010.04.02 10:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.01.10 05:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2011.01.10 04:54:59 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2011.01.10 04:54:59 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2011.01.10 04:55:00 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.01.10 04:54:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.10 04:55:01 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2011.01.10 04:55:01 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach
[2011.01.11 17:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ltg5l2y3.default\extensions
[2010.11.28 10:00:14 | 000,000,000 | ---D | M] (Casino Toolbar) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ltg5l2y3.default\extensions\{0f3a3a36-ddba-493e-b538-f9e52eeea9c3}
[2011.01.08 15:32:01 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ltg5l2y3.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010.04.02 10:41:54 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ltg5l2y3.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.01.10 05:59:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ltg5l2y3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.10 16:45:38 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ltg5l2y3.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2011.01.07 22:30:54 | 000,000,000 | ---D | M] (Closy) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ltg5l2y3.default\extensions\closy@gemal.dk
[2011.01.09 00:02:23 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ltg5l2y3.default\extensions\firebug@software.joehewitt.com
[2011.01.07 22:23:35 | 000,000,000 | ---D | M] (Linky) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ltg5l2y3.default\extensions\linky@gemal.dk
[2011.01.08 22:12:03 | 000,000,000 | ---D | M] ("Page Hacker") -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ltg5l2y3.default\extensions\pagehacker-nico@nc
[2010.03.24 15:11:38 | 000,000,925 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\ltg5l2y3.default\searchplugins\conduit.xml
[2011.01.11 06:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.30 19:25:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.24 20:43:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.24 20:43:01 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.24 20:43:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.24 20:43:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.24 20:43:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll File not found
O3 - HKU\S-1-5-21-3612987724-1108736899-3237277213-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3612987724-1108736899-3237277213-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3612987724-1108736899-3237277213-1001..\Run: [PayPal Alert] C:\Program Files (x86)\PayPal Alert\PayPal Alert.exe File not found
O4 - HKU\S-1-5-21-3612987724-1108736899-3237277213-1001..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Andy Arbeitsplatz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Mcx1-ANDY-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_18-windows-i586.cab (Java Plug-in 1.3.1_18)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - 
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - 
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.11 20:26:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2011.01.11 17:17:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Andy\Desktop\HiJackThis204.exe
[2011.01.11 08:35:39 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CookieCooker
[2011.01.11 08:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CookieCooker
[2011.01.11 06:48:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.10 17:39:41 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Opera
[2011.01.10 17:39:41 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Opera
[2011.01.10 17:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011.01.10 15:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.01.10 15:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011.01.10 14:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.01.10 14:36:42 | 000,000,000 | ---D | C] -- C:\Navilog1
[2011.01.10 14:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Navilog1
[2011.01.10 07:23:59 | 000,221,696 | ---- | C] (Avira GmbH) -- C:\Windows\Vpyhoa.exe
[2011.01.10 04:55:01 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JonDoFox
[2011.01.10 04:46:19 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\JonDo
[2011.01.10 04:41:19 | 000,045,175 | ---- | C] (Sun Microsystems) -- C:\Windows\SysWow64\plugincpl131_18.cpl
[2011.01.10 04:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2 Runtime Environment
[2011.01.10 04:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JavaSoft
[2011.01.10 04:41:03 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.01.10 04:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.01.10 04:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAP
[2011.01.10 04:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CookieCooker
[2011.01.10 03:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cloakfish
[2011.01.09 23:42:47 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Neuer Ordner
[2011.01.09 17:10:17 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Windows Live
[2011.01.09 15:22:54 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Brutus
[2011.01.08 17:49:49 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Temporary Projects
[2011.01.08 12:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2011.01.08 12:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2011.01.04 18:12:04 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.01.04 18:09:17 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\FileZilla
[2011.01.04 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010.12.27 02:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CasinoDevil
[2010.12.20 03:00:27 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010.12.19 21:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yukon Gold
[2010.12.19 17:01:30 | 000,000,000 | ---D | C] -- C:\Users\Andy\Start Menu
[2010.12.19 17:01:30 | 000,000,000 | ---D | C] -- C:\Users\Andy\Application Data
[2010.12.19 17:01:30 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888casino
[2010.12.19 17:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888casino
[2010.12.19 17:01:25 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\CasinoOnNet
[2010.12.19 17:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CasinoOnNet
[2010.12.19 13:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2010.12.19 13:30:49 | 000,000,000 | ---D | C] -- C:\Microgaming
[2010.12.18 23:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roulette Machine
[2010.12.18 23:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roulette Machine
[2010.12.16 23:58:43 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Roulette Machine VB
[2010.12.16 00:06:03 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Roulette Machine
[2010.12.15 16:30:37 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 16:30:36 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 16:30:36 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 16:30:36 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 16:30:36 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 16:30:36 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 16:30:36 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 16:30:36 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 16:30:24 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 16:30:24 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 16:30:24 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 16:30:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 16:30:20 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 16:30:20 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 16:30:18 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.15 16:30:10 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 16:30:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 16:30:09 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 16:30:09 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 16:30:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 16:30:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 16:30:09 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 16:30:08 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 16:30:08 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 16:30:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 16:30:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 16:30:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 16:30:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 16:30:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.09.29 06:00:53 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB431.dll
[2008.12.16 13:57:14 | 000,936,192 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sftutor.dll
[2008.12.16 13:57:12 | 000,579,328 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfpublish.dll
[2008.12.16 13:57:10 | 001,312,512 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfmarket2.dll
[2008.12.16 13:57:10 | 000,648,960 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfnetmedia.dll
[2008.12.16 13:57:08 | 000,398,592 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfconfigmgr.dll
[2008.12.16 13:57:06 | 000,694,528 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfapprw.dll
[2008.12.16 13:56:58 | 001,423,616 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\ApplicationRegistration.exe
[2008.12.16 13:56:54 | 003,175,168 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\acidxpress70k.dll
[2008.12.16 13:56:52 | 006,924,544 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\acidxpress70.exe
[2008.12.16 13:34:10 | 000,161,280 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfprnsim.pdd
[2008.12.16 13:34:08 | 000,163,328 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfldsim.ldd
[2008.12.16 13:34:06 | 000,015,872 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfcdsim.cdd
[2008.12.16 13:34:04 | 000,165,376 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\fargo.pdd
[2008.12.16 13:34:02 | 000,505,856 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfld.ldd
[2008.12.16 13:33:58 | 000,456,704 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfcd.cdd
[2008.12.16 13:33:52 | 000,241,152 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfcdfs.dll
[2008.12.16 13:33:48 | 000,537,088 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfdvd.dll
[2008.12.16 13:33:44 | 001,445,888 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfcdix.dll
[2008.12.16 13:33:28 | 000,028,160 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfscsi.dll
[2008.12.16 13:33:26 | 000,019,456 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfspti2.dll
[2008.12.16 13:33:22 | 000,079,872 | ---- | C] (Sony Creative Software Inc) -- C:\Program Files (x86)\sfspti.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.11 20:34:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.11 20:32:07 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2011.01.11 20:32:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011.01.11 20:30:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.11 20:28:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.01.11 20:26:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2011.01.11 20:01:46 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 20:01:46 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 19:55:36 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.01.11 19:54:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.11 19:53:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.11 19:53:19 | 2309,656,576 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.11 17:50:23 | 000,001,564 | ---- | M] () -- C:\Users\Andy\cookies.xml
[2011.01.11 17:48:44 | 000,001,514 | ---- | M] () -- C:\Users\Andy\autosave.xml
[2011.01.11 17:17:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Andy\Desktop\HiJackThis204.exe
[2011.01.10 18:48:39 | 000,007,605 | ---- | M] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
[2011.01.10 07:23:54 | 000,221,696 | ---- | M] (Avira GmbH) -- C:\Windows\Vpyhoa.exe
[2011.01.10 03:54:41 | 000,000,067 | ---- | M] () -- C:\Users\Andy\cloakfish.ini
[2011.01.09 17:28:25 | 000,004,299 | ---- | M] () -- C:\Users\Andy\Documents\Real-Cashmaker1.wlmp
[2011.01.09 17:06:31 | 000,111,351 | ---- | M] () -- C:\Users\Andy\Documents\Real-Cashmaker1.pptx
[2011.01.09 14:45:21 | 000,679,424 | ---- | M] (HooBie Inc.) -- C:\Users\Andy\Desktop\BrutusA2.exe
[2011.01.09 01:35:45 | 000,001,217 | ---- | M] () -- C:\Users\Andy\Desktop\ecmteamhackcode.exe - Verknüpfung.lnk
[2011.01.08 16:46:35 | 000,021,797 | ---- | M] () -- C:\Users\Andy\Desktop\webscr.htm
[2011.01.08 12:36:52 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2011.01.06 14:04:02 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.01.05 12:37:06 | 000,012,358 | ---- | M] () -- C:\Users\Andy\Desktop\ILEAD24.docx
[2011.01.04 18:12:05 | 000,002,011 | ---- | M] () -- C:\Users\Andy\Desktop\FileZilla Client.lnk
[2011.01.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010.12.28 02:00:04 | 000,014,098 | ---- | M] () -- C:\Users\Andy\Desktop\Blackjack.xlsx
[2010.12.19 17:01:30 | 000,002,011 | ---- | M] () -- C:\Users\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\888casino.lnk
[2010.12.18 23:59:41 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Roulette Machine.lnk
[2010.12.16 11:31:39 | 001,797,942 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.16 11:31:39 | 000,762,728 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.16 11:31:39 | 000,718,006 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.16 11:31:39 | 000,173,082 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.16 11:31:39 | 000,146,028 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.16 11:25:07 | 000,415,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.15 19:06:08 | 000,000,126 | ---- | M] () -- C:\Users\Andy\RouletteSettings.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.11 17:48:26 | 000,001,514 | ---- | C] () -- C:\Users\Andy\autosave.xml
[2011.01.11 08:52:26 | 000,001,564 | ---- | C] () -- C:\Users\Andy\cookies.xml
[2011.01.10 15:00:55 | 000,007,605 | ---- | C] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
[2011.01.10 07:25:28 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.01.10 07:25:14 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.10 07:23:55 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.01.10 04:41:17 | 000,036,972 | ---- | C] () -- C:\Windows\SysWow64\ActPanel.dll
[2011.01.10 03:54:41 | 000,000,067 | ---- | C] () -- C:\Users\Andy\cloakfish.ini
[2011.01.09 17:28:25 | 000,004,299 | ---- | C] () -- C:\Users\Andy\Documents\Real-Cashmaker1.wlmp
[2011.01.09 17:06:30 | 000,111,351 | ---- | C] () -- C:\Users\Andy\Documents\Real-Cashmaker1.pptx
[2011.01.09 01:35:45 | 000,001,217 | ---- | C] () -- C:\Users\Andy\Desktop\ecmteamhackcode.exe - Verknüpfung.lnk
[2011.01.08 16:37:48 | 000,021,797 | ---- | C] () -- C:\Users\Andy\Desktop\webscr.htm
[2011.01.08 12:36:52 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2011.01.05 02:12:50 | 000,012,358 | ---- | C] () -- C:\Users\Andy\Desktop\ILEAD24.docx
[2011.01.04 18:12:05 | 000,002,011 | ---- | C] () -- C:\Users\Andy\Desktop\FileZilla Client.lnk
[2010.12.19 17:01:30 | 000,002,011 | ---- | C] () -- C:\Users\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\888casino.lnk
[2010.12.18 23:59:41 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Roulette Machine.lnk
[2010.11.29 17:07:36 | 001,775,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.20 06:31:46 | 000,000,304 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.05.30 19:27:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.16 21:12:29 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.05 14:12:25 | 000,017,408 | ---- | C] () -- C:\Users\Andy\AppData\Local\WebpageIcons.db
[2010.03.31 17:30:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008.12.16 13:48:04 | 000,032,761 | ---- | C] () -- C:\Program Files (x86)\acidxpress70.zip
[2008.12.16 13:23:58 | 000,368,657 | ---- | C] () -- C:\Program Files (x86)\acidxpress70.udat
[2008.12.15 16:36:52 | 003,327,828 | R--- | C] () -- C:\Program Files (x86)\Let Them Stare.acd-zip
[2008.12.15 11:44:50 | 000,009,585 | ---- | C] () -- C:\Program Files (x86)\ACID_Xpress_readme.htm
[2008.12.03 12:12:42 | 002,446,766 | ---- | C] () -- C:\Program Files (x86)\acidxp70.tut
[2008.11.25 17:10:18 | 000,185,764 | ---- | C] () -- C:\Program Files (x86)\sfcdix.cfg
[2008.11.25 17:09:36 | 000,085,308 | ---- | C] () -- C:\Program Files (x86)\Sony ACID Music Studio 7 - ShuttlePRO v2.mht
[2008.11.25 17:09:36 | 000,074,270 | ---- | C] () -- C:\Program Files (x86)\Sony ACID Music Studio 7 - ShuttlePRO.mht
[2008.11.25 17:09:36 | 000,051,481 | ---- | C] () -- C:\Program Files (x86)\Sony ACID Music Studio 7 - ShuttleXpress.mht
[2008.11.25 17:09:36 | 000,012,004 | ---- | C] () -- C:\Program Files (x86)\Sony ACID Music Studio 7 - ShuttleXpress.pref
[2008.11.25 17:09:36 | 000,012,004 | ---- | C] () -- C:\Program Files (x86)\Sony ACID Music Studio 7 - ShuttlePRO.pref
[2008.11.25 17:09:36 | 000,012,004 | ---- | C] () -- C:\Program Files (x86)\Sony ACID Music Studio 7 - ShuttlePRO v2.pref
[2008.11.25 17:09:36 | 000,000,360 | ---- | C] () -- C:\Program Files (x86)\acidxpress70.oemdat
[2008.11.25 10:11:42 | 000,049,152 | ---- | C] () -- C:\Program Files (x86)\OpcPcmImporter.dll
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2010.05.21 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Any DVD Clone
[2011.01.09 01:45:14 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Azureus
[2010.12.19 18:15:56 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\CasinoOnNet
[2011.01.09 12:49:51 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\FileZilla
[2010.04.18 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\foobar2000
[2010.09.28 15:46:36 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\gtk-2.0
[2010.12.07 15:54:40 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\InnoIDE
[2011.01.10 05:10:27 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\JonDo
[2010.04.04 02:43:50 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2011.01.11 19:54:15 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\LimeWire
[2010.08.15 14:22:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MAGIX
[2010.08.17 22:59:57 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\NetMedia Providers
[2011.01.10 17:39:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Opera
[2010.06.09 16:41:24 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PhotoScape
[2010.08.17 23:01:19 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Publish Providers
[2010.09.27 18:38:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Sony
[2010.03.31 13:59:30 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Toshiba
[2010.08.03 19:06:11 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Ubisoft
[2010.04.02 14:14:30 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\WildTangent
[2011.01.11 08:16:36 | 000,000,000 | ---D | M] -- C:\Users\Andy Arbeitsplatz\AppData\Roaming\JonDo
[2011.01.11 08:59:06 | 000,000,000 | ---D | M] -- C:\Users\Andy Arbeitsplatz\AppData\Roaming\Opera
[2010.04.19 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\Andy Arbeitsplatz\AppData\Roaming\Toshiba
[2010.08.15 00:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.01.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010.12.26 02:52:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.11 20:34:03 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.11 20:32:03 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011.01.11 19:55:36 | 000,000,244 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.01.11 20:32:07 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2011.01.11 20:28:03 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.05 17:54:53 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Adobe
[2010.05.21 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Any DVD Clone
[2010.03.31 15:56:36 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Avira
[2011.01.09 01:45:14 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Azureus
[2010.12.19 18:15:56 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\CasinoOnNet
[2010.09.27 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DivX
[2010.10.02 09:33:20 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\dvdcss
[2011.01.09 12:49:51 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\FileZilla
[2010.04.18 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\foobar2000
[2010.03.31 13:59:50 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Google
[2010.09.28 15:46:36 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\gtk-2.0
[2010.03.31 13:54:36 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Identities
[2010.12.07 15:54:40 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\InnoIDE
[2011.01.10 05:10:27 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\JonDo
[2010.04.04 02:43:50 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2011.01.11 19:54:15 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\LimeWire
[2009.09.08 09:13:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Macromedia
[2010.08.15 14:22:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MAGIX
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Media Center Programs
[2010.11.29 17:11:32 | 000,000,000 | --SD | M] -- C:\Users\Andy\AppData\Roaming\Microsoft
[2010.12.02 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Microsoft Corporation
[2010.03.31 14:07:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla
[2010.04.02 10:41:19 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Nero
[2010.08.17 22:59:57 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\NetMedia Providers
[2011.01.10 17:39:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Opera
[2010.06.09 16:41:24 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PhotoScape
[2010.08.17 23:01:19 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Publish Providers
[2010.09.22 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Skype
[2010.09.22 18:29:59 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\skypePM
[2010.09.27 18:38:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Sony
[2010.03.31 13:59:30 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Toshiba
[2010.06.20 15:54:13 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\U3
[2010.08.03 19:06:11 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Ubisoft
[2010.12.10 08:12:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\vlc
[2010.04.02 14:14:30 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\WildTangent
 
< %APPDATA%\*.exe /s >
[2010.11.08 19:18:02 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Andy\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2010.07.11 19:41:08 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\Andy\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2010.07.11 19:41:09 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\Andy\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2010.07.11 19:41:09 | 000,014,848 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2010.07.11 19:41:09 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\Andy\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2010.07.11 19:41:09 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\Andy\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2010.07.11 19:41:09 | 000,018,432 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2010.07.11 19:41:09 | 000,014,336 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2010.07.11 19:41:09 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\Andy\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2010.07.11 19:41:09 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\Andy\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
[2009.08.05 17:37:36 | 000,038,208 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.09.27 18:36:18 | 000,010,134 | R--- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2010.12.09 23:11:28 | 000,032,038 | R--- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{15AB8300-C488-4787-B5BD-C1B0B342357E}\_0CB46B6ECD2E1E4F8E3696.exe
[2010.12.09 23:11:29 | 000,032,038 | R--- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{15AB8300-C488-4787-B5BD-C1B0B342357E}\_69764F3BD3EC252A62CDDE.exe
[2010.04.04 21:32:29 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{3571656A-575D-4CED-809D-5547587121FF}\NewShortcut8.EXE
[2011.01.10 04:55:01 | 000,182,100 | ---- | M] (JonDos GmbH) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\uninstall.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Andy\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:264B2CC4

< End of report >
         
OTL EXTRAS Logfile:
OTL Logfile:
Code:
OTL Extras logfile created on: 11.01.2011 20:31:10 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 21,98 Gb Free Space | 18,88% Space Free | Partition Type: NTFS
Drive D: | 116,05 Gb Total Space | 109,38 Gb Free Space | 94,25% Space Free | Partition Type: NTFS
 
Computer Name: ANDY-LAPTOP | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3612987724-1108736899-3237277213-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07432A2E-364B-4D9F-99E4-6DAC39E28FA5}_is1" = Roulette Cheat Version Roulette Cheat 1.0
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15AB8300-C488-4787-B5BD-C1B0B342357E}" = Roulette Cash System
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1C4C5C53-D960-4E1C-96A6-F6B52EA43A45}" = ACID Xpress 7.0
"{1E8BAA74-62A9-421D-A61F-164C7C3943E9}_is1" = InnoIDE 1.0.0.67
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{300DFCBA-348B-4FD6-AE50-1D3CDFEE6314}" = MAGIX Speed burnR (MSI)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{68249B78-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition 1.3.1_18
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AE229F5-0BB0-4F41-A099-C024D30BC584}_is1" = ROULETTE CHEAT Version ROULETTE CHEAT 1.0
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DAA90CBC-A2A8-4774-8E9D-2855CDFFFD0A}_is1" = Roulette Machine Version 1.00
"{E04D1AC1-B3AF-4C1A-B7E0-B37A058271CE}" = MAGIX Screenshare
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f19f2848-3edd-4d8b-b6d4-00b3b392fb65}" = Nero 9 Lite
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"888casino" = 888casino
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any DVD Clone_is1" = Any DVD Clone 1.2.2
"ArtIcons Pro" = ArtIcons Pro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"CanonMyPrinter" = Canon Utilities My Printer
"Centrebet Casino" = Centrebet Casino
"CloneDVD2" = CloneDVD2
"CookieCooker" = CookieCooker
"DivX Setup.divx.com" = DivX-Setup
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"foobar2000" = foobar2000 v1.0.2.1
"Google Chrome" = Google Chrome
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inno Setup 5_is1" = Inno Setup QuickStart Pack version 5.4.0
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InterCasinoV9GermanEUR" = InterCasino
"JAP" = JAP
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"Kronen-Design_is1" = Kronen-Design 1.62b Shareware
"LimeWire" = LimeWire 5.5.8
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Opera 11.00.1156" = Opera 11.00
"PhotoScape" = PhotoScape
"Security Task Manager" = Security Task Manager 1.8c
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.16.2.6
"VLC media player" = VLC media player 1.0.5
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Warcraft III" = Warcraft III
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
"World Best Roulette System Demo Version Centrebet" = World Best Roulette System Demo Version Centrebet 1.0.0.1
"X-Force_is1" = X-Force: Fight For Destiny V0.915b03
"yukongold" = Yukon Gold
"Zattoo4" = Zattoo4 4.0.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3612987724-1108736899-3237277213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"292c978bd2e4ca9b" = Roulette Machine
"32 Vegas Casino" = 21Nova Casino
"696c60d0e567ad5b" = Roulette Cheat2
"Casino King" = Casino King
"Casino.com" = Casino.com
"City Club Casino" = City Club Casino
"EuroGrand Casino" = EuroGrand Casino
"Europa Casino" = Europa Casino
"FileZilla Client" = FileZilla Client 3.2.7.1
"Joyland Casino" = Joyland Casino
"Noble Casino" = Noble Casino
"Prestige Casino" = Prestige Casino
"Swiss Casino" = Swiss Casino
"William Hill CASINO CLUB" = William Hill CASINO CLUB
"Winner Casino" = Winner Casino
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2011 13:20:01 | Computer Name = Andy-Laptop | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 09.01.2011 18:06:42 | Computer Name = Andy-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.01.2011 18:06:42 | Computer Name = Andy-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.01.2011 18:29:35 | Computer Name = Andy-Laptop | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 09.01.2011 22:23:29 | Computer Name = Andy-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.01.2011 22:23:29 | Computer Name = Andy-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.01.2011 23:43:02 | Computer Name = Andy-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andy\Downloads\SoftonicDownloader_fuer_jap.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 10.01.2011 00:14:39 | Computer Name = Andy-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andy\Downloads\SoftonicDownloader_fuer_jap.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 10.01.2011 00:39:50 | Computer Name = Andy-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.01.2011 00:39:50 | Computer Name = Andy-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Media Center Events ]
Error - 05.04.2010 08:52:05 | Computer Name = Andy-TOSH | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 05.04.2010 08:52:19 | Computer Name = Andy-TOSH | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 05.04.2010 08:53:51 | Computer Name = Andy-TOSH | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description = 
 
Error - 05.04.2010 08:54:23 | Computer Name = Andy-TOSH | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 05.04.2010 08:54:33 | Computer Name = Andy-TOSH | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 18.04.2010 03:48:57 | Computer Name = Andy-Laptop | Source = MCUpdate | ID = 0
Description = 09:48:57 - Fehler beim Herstellen der Internetverbindung.  09:48:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.04.2010 03:49:11 | Computer Name = Andy-Laptop | Source = MCUpdate | ID = 0
Description = 09:49:02 - Fehler beim Herstellen der Internetverbindung.  09:49:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.04.2010 04:38:17 | Computer Name = Andy-Laptop | Source = MCUpdate | ID = 0
Description = 10:38:16 - Fehler beim Herstellen der Internetverbindung.  10:38:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.04.2010 04:38:29 | Computer Name = Andy-Laptop | Source = MCUpdate | ID = 0
Description = 10:38:23 - Fehler beim Herstellen der Internetverbindung.  10:38:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.05.2010 05:18:17 | Computer Name = Andy-Laptop | Source = MCUpdate | ID = 0
Description = 11:18:17 - Fehler beim Herstellen der Internetverbindung.  11:18:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
 
< End of report >
         

11.01.2011, 21:05   #4
markusg
/// Malware-holic

Internet Explorer opens by itself with ads

edit:
I'll take a look at it
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

11.01.2011, 21:13   #5
markusg
/// Malware-holic

Internet Explorer opens by itself with ads

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
PRC - C:\Windows\Vpyhoa.exe (Avira GmbH)
[2011.01.10 07:23:59 | 000,221,696 | ---- | C] (Avira GmbH) -- C:\Windows\Vpyhoa.exe
[2011.01.11 20:34:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.11 20:32:07 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2011.01.11 20:32:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011.01.11 20:28:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.01.11 19:55:36 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Open Computer, C:, then _OTL.
There, right-click on moved files.
Choose "Add to moved files.rar" or zip.
Upload the archive to our upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html


11.01.2011, 23:12   #6
the87stinger

Internet Explorer opens by itself with ads

Thanks. Is everything OK again now?

Report from OTL:



All processes killed
========== OTL ==========
Process Vpyhoa.exe killed successfully!
C:\Windows\Vpyhoa.exe moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Andy
->Flash cache emptied: 96479 bytes

User: Andy Arbeitsplatz
->Flash cache emptied: 42694 bytes

User: AppData

User: Default
->Flash cache emptied: 41044 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-ANDY-TOSH
->Flash cache emptied: 41044 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Andy
->Temp folder emptied: 1186052664 bytes
->Temporary Internet Files folder emptied: 86657390 bytes
->Java cache emptied: 1473805 bytes
->FireFox cache emptied: 122379707 bytes
->Google Chrome cache emptied: 8780467 bytes
->Opera cache emptied: 3310979 bytes
->Flash cache emptied: 0 bytes

User: Andy Arbeitsplatz
->Temp folder emptied: 456707 bytes
->Temporary Internet Files folder emptied: 201886 bytes
->FireFox cache emptied: 80957787 bytes
->Opera cache emptied: 1766721 bytes
->Flash cache emptied: 0 bytes

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-ANDY-TOSH
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 1891367 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 235177024 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 4864744 bytes

Total Files Cleaned = 1.654,00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01112011_230005

Files\Folders moved on Reboot...
C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
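
An added example, not part of the thread and not code from OTL: a small Python check that every process and file named in the `:OTL` section of the fix script from post #5 is confirmed as killed or moved in the result log from post #6. The function names are this example's own; paths are compared case-insensitively because the script says `C:\Windows\tasks` while the log says `C:\Windows\Tasks`.

```python
import ntpath
import re

# Fix script from post #5 (verbatim).
FIX_SCRIPT = r"""
:OTL
PRC - C:\Windows\Vpyhoa.exe (Avira GmbH)
[2011.01.10 07:23:59 | 000,221,696 | ---- | C] (Avira GmbH) -- C:\Windows\Vpyhoa.exe
[2011.01.11 20:34:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.01.11 20:32:07 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2011.01.11 20:32:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011.01.11 20:28:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.01.11 19:55:36 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
"""

# Result log from post #6 with the cache-cleaning sections left out.
RESULT_LOG = r"""
All processes killed
========== OTL ==========
Process Vpyhoa.exe killed successfully!
C:\Windows\Vpyhoa.exe moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
Files\Folders moved on Reboot...
C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
"""

# "[date | size | attributes | C/M] (company) -- path" and "PRC - path (company)"
FILE_LINE = re.compile(r"\[[^\]]*\]\s*\([^)]*\)\s*--\s*(.+)")
PROC_LINE = re.compile(r"PRC\s*-\s*(.+?)\s*\([^)]*\)")


def parse_fix_script(text):
    """Return the process and file paths listed in the :OTL section."""
    wanted = {"processes": [], "files": []}
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(":"):
            section = line.lower()          # :OTL, :Files, :Commands
        elif section == ":otl":
            if m := PROC_LINE.fullmatch(line):
                wanted["processes"].append(m.group(1))
            elif m := FILE_LINE.fullmatch(line):
                wanted["files"].append(m.group(1))
    return wanted


def parse_result_log(text):
    """Collect what the log confirms, lower-cased for comparison."""
    got = {"killed": set(), "moved": set(), "pending": set()}
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"Process (.+) killed successfully!", line):
            got["killed"].add(m.group(1).lower())
        elif m := re.fullmatch(
                r"File move failed\. (.+) scheduled to be moved on reboot\.", line):
            got["pending"].add(m.group(1).lower())
        elif m := re.fullmatch(r"(.+) moved successfully\.", line):
            got["moved"].add(m.group(1).lower())
    return got


def check_fix(script, log):
    """Map every requested item to killed / moved / pending reboot / unconfirmed."""
    wanted, got = parse_fix_script(script), parse_result_log(log)
    report = {}
    for path in wanted["processes"]:
        name = ntpath.basename(path).lower()   # the log names the image only
        report[("process", path)] = "killed" if name in got["killed"] else "unconfirmed"
    for path in wanted["files"]:
        key = path.lower()
        if key in got["moved"]:
            report[("file", path)] = "moved"
        elif key in got["pending"]:
            report[("file", path)] = "pending reboot"
        else:
            report[("file", path)] = "unconfirmed"
    return report


if __name__ == "__main__":
    for (kind, path), status in check_fix(FIX_SCRIPT, RESULT_LOG).items():
        print(f"{status:15} {kind:8} {path}")
```

Any item reported as `unconfirmed` or `pending reboot` is worth a second look before the machine is considered clean.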

11.01.2011, 23:40   #7
the87stinger

Seems to be OK again.
Many thanks, MARKUSG, for your efforts and expertise.
Of course also a thank-you to TROJANER-BOARD.DE, you are great!!!!!

12.01.2011, 14:05   #8
markusg
/// Malware-holic

No problem, let's continue.
Download Malwarebytes:
Malwarebytes
Install it, open it, go to the Update tab, update the program.
Close all running programs and disconnect from the internet.
Scanner tab, full scan, remove what it finds, post the log.

13.01.2011, 00:22   #9
the87stinger

Sorry, I had thought that was already it, sorry.....
But apparently quite a bit was still hidden there.

Here is the log from MALWAREBYTES:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5508

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.01.2011 00:06:41
mbam-log-2011-01-13 (00-06-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 381885
Laufzeit: 1 Stunde(n), 12 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 23
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 40

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\32 Vegas Casino (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Casino King (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Casino.com (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Centrebet Casino (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EuroGrand Casino (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Europa Casino (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Joyland Casino (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Noble Casino (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Prestige Casino (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swiss Casino (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\William Hill CASINO CLUB (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winner Casino (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\yukongold (PUP.Casino.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino King (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\D9L83679SM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Casino\21nova casino\_setupcasino_96475b_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\casino king\_setupcasino_6eb7d1_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\Casino.com\_setupcasino_861f31_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\centrebet casino\_setupcentrebet.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\eurogrand casino\_setupcasino_bb9eda_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\europa casino\_europasetup_598c4b.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\joyland casino\_setupcasino_16a82e_de(2).exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\joyland casino\_setupcasino_7f02c2_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\noble casino\_setupcasino_b79320_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\prestige casino\_setupcasino_47b8f3_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\swiss casino\_setupcasino_6dbf_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\william hill casino club\_setupcasino_f11b28_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\winner casino\_winnercsetup_82445.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\microgaming\Casino\yukongold\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\programdata\sectaskman\vng.exe.q_quarantine_10f24603_q (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\programdata\sectaskman\vnh.exe.q_quarantine_10f25403_q (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Andy\Desktop\BrutusA2.exe (HackTool.Brutus) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\europasetup_598c4b.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\mummysgold(2).exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\mummysgold.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\rubyfortune(2).exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\rubyfortune.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_16a82e_de(2).exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_16a82e_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_47b8f3_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_6dbf_de(2).exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_6dbf_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_6eb7d1_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_7f02c2_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_861f31_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_96475b_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_b79320_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_bb9eda_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_c84d57_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\setupcasino_f11b28_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\spinpalace(2).exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\spinpalace.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\winnercsetup_82445.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\yukongold.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01112011_230005\c_windows\Vpyhoa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
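
An added example, not part of the thread and not Malwarebytes code: a Python triage of the detection lines in the log above, separating the `PUP.*` installer findings from everything else and picking out detections that sit in OTL's moved-files folder (the folder name `01112011_230005` is the id of the OTL run in post #6). The sample is abridged from the log; the function names are this example's own.

```python
import re
from collections import Counter

# A few lines per section, copied from the Malwarebytes log in post #9.
MBAM_LOG = r"""
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Casino King (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\D9L83679SM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Casino\joyland casino\_setupcasino_16a82e_de(2).exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\programdata\sectaskman\vng.exe.q_quarantine_10f24603_q (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Andy\Desktop\BrutusA2.exe (HackTool.Brutus) -> Quarantined and deleted successfully.
c:\Users\Andy\downloads\yukongold.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01112011_230005\c_windows\Vpyhoa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
"""

# "<object> (<family>) -> <action>"; the object itself may contain "(2)".
DETECTION = re.compile(r"(.+) \(([^()]+)\) -> (.+)")
# Section headers end in a colon; the summary lines ("...: 40") do not match.
SECTION = re.compile(r"(Infizierte [^:]+):")
# Files that OTL moved aside earlier: run id, then the original file name.
OTL_QUARANTINE = re.compile(
    r"c:\\_OTL\\movedfiles\\([^\\]+)\\(?:.*\\)?([^\\]+)", re.IGNORECASE)
SUCCESS = "Quarantined and deleted successfully."


def parse_mbam(text):
    """Return one dict per detection line, tagged with its log section."""
    detections, section = [], None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.fullmatch(line):
            section = m.group(1)
        elif m := DETECTION.fullmatch(line):
            obj, family, action = m.groups()
            detections.append({"section": section, "object": obj,
                               "family": family, "action": action})
    return detections


def triage(detections):
    """Group detections so the non-PUP findings stand out."""
    result = {"families": Counter(d["family"] for d in detections),
              "pup": [], "review": [], "failed": [], "otl_quarantine": []}
    for d in detections:
        bucket = "pup" if d["family"].startswith("PUP.") else "review"
        result[bucket].append(d["object"])
        if d["action"] != SUCCESS:
            result["failed"].append(d["object"])
        if m := OTL_QUARANTINE.fullmatch(d["object"]):
            result["otl_quarantine"].append((m.group(1), m.group(2)))
    return result


if __name__ == "__main__":
    summary = triage(parse_mbam(MBAM_LOG))
    for family, count in summary["families"].most_common():
        print(f"{count:3}  {family}")
    print("needs review:", *summary["review"], sep="\n  ")
    print("found in OTL moved files:", summary["otl_quarantine"])
```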

13.01.2011, 13:06   #10
markusg
/// Malware-holic

Download CCleaner slim:
Piriform - Builds
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
After every program you need, write "notwendig" (necessary).
After every program you do not need, "unnötig" (unnecessary).
After those unknown to you, "unbekannt" (unknown).
Post the list.

14.01.2011, 00:09   #11
the87stinger

Here is the log text:

7-Zip 4.65 03.04.2010 "NOTWENDIG"
888casino 18.12.2010 "NOTWENDIG"
ACID Xpress 7.0 Sony 16.08.2010 47.0MB 7.0.64 "UNBEKANT"
Adobe AIR Adobe Systems Inc. 07.09.2009 1.5.2.8870 "UNBEKANT"
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 01.04.2010 10.0.45.2 "UNBEKANT"
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 27.09.2010 6.00MB 10.1.85.3 "UNBEKANT"
Adobe Reader 9.1 - Deutsch Adobe Systems Incorporated 07.09.2009 234MB 9.1.0 "UNBEKANT"
ANNO 1404 Ubisoft 02.08.2010 1.02.0000 "NOTWENDIG"
Any DVD Clone 1.2.2 any-dvd-clone.com 01.10.2010 "UNNÖTIG"
Apple Software Update Apple Inc. 26.09.2010 2.16MB 2.1.1.116 "UNBEKANT"
ArtIcons Pro Aha-Soft 06.12.2010 5.29 "NOTWENDIG"
Avira AntiVir Personal - Free Antivirus Avira GmbH 31.12.2010 59.8MB 10.0.0.609 "NOTWENDIG"
CamStudio 07.01.2011 "NOTWENDIG"
Canon Inkjet Printer Driver Add-On Module 24.04.2010 "UNNÖTIG"
Canon Utilities My Printer 24.04.2010 "UNNÖTIG"
CCleaner Piriform 12.01.2011 3.02 "UNBEKANT"
City Club Casino 18.12.2010 "NOTWENDIG"
CloneDVD2 Elaborate Bytes 01.10.2010 "UNNÖTIG"
Command & Conquer Die ersten 10 Jahre Electronic Arts 09.04.2010 1.00.0000 "NOTWENDIG"
Compatibility Pack für 2007 Office System Microsoft Corporation 09.11.2010 141.3MB 12.0.6425.1000 "NOTWENDIG"
CookieCooker 10.01.2011 "NOTWENDIG"
DivX-Setup DivX, Inc. 25.11.2010 2.1.2.2 "NOTWENDIG"
FileZilla Client 3.2.7.1 03.01.2011 3.2.7.1 "UNBEKANT"
Firebird SQL Server - MAGIX Edition MAGIX AG 14.08.2010 10.1MB 2.1.27.0 "UNBEKANT"
foobar2000 v1.0.2.1 Peter Pawlowski 17.04.2010 1.0.2.1 "NOTWENDIG"
Google Chrome Google Inc. 01.06.2010 8.0.552.224 "UNNÖTIG"
Google Earth Google 29.09.2010 85.4MB 5.2.1.1588 "UNNÖTIG"
Hardcopy (C:\Program Files (x86)\Hardcopy) www.hardcopy.de 24.05.2010 2010.05.10 "UNNÖTIG"
Inno Setup QuickStart Pack version 5.4.0 Martijn Laan 06.12.2010 5.89MB 5.4.0 "UNBEKANT"
InnoIDE 1.0.0.67 Kernow Software 06.12.2010 6.03MB 1.0.0.67 "UNBEKANT"
Intel(R) Graphics Media Accelerator Driver Intel Corporation 28.01.2010 54.3MB 8.15.10.1883 "UNBEKANT"
Intel® Matrix Storage Manager Intel Corporation 28.01.2010 "UNBEKANT"
InterCasino 27.11.2010 "NOTWENDIG"
JAP JAP-Team 09.01.2011 00.13.001 "NOTWENDIG"
Java 2 Runtime Environment Standard Edition 1.3.1_18 09.01.2011 "UNBEKANT"
Java(TM) 6 Update 14 Sun Microsystems, Inc. 07.09.2009 97.5MB 6.0.140 "UNBEKANT"
KRISTAL Audio Engine 16.08.2010 "UNBEKANT"
Kronen-Design 1.62b Shareware 19.08.2010 11.8MB "NOTWENDIG"
LimeWire 5.5.8 Lime Wire, LLC 10.07.2010 5.5.8 "NOTWENDIG"
Logitech Vid Logitech Inc. 03.04.2010 38.1MB 1.00.1062 "UNNÖTIG"
Logitech Webcam Software Logitech Inc. 03.04.2010 44.8MB 12.00.1280 "UNNÖTIG"
Logitech Webcam Software-Treiberpaket Logitech Inc. 03.04.2010 12.0.1278 "UNNÖTIG"
MAGIX Screenshare MAGIX AG 14.08.2010 1.43MB 4.3.6.1987 "UNNÖTIG"
MAGIX Speed burnR (MSI) MAGIX AG 14.08.2010 53.0MB 7.0.2.6 "UNNÖTIG"
Malwarebytes' Anti-Malware Malwarebytes Corporation 11.01.2011 10.5MB "UNBEKANT"
Media Go Sony 26.09.2010 93.5MB 1.3.227 "UNNÖTIG"
MediaMonkey 3.2 Ventis Media Inc. 25.05.2010 3.2 "UNNÖTIG"
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.06.2010 38.8MB 4.0.30319 "UNBEKANT"
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 28.11.2010 2.94MB 4.0.30319 "UNBEKANT"
Microsoft .NET Framework 4 Extended Microsoft Corporation 28.11.2010 52.0MB 4.0.30319 "UNBEKANT"
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 28.11.2010 10.7MB 4.0.30319 "UNBEKANT"
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 28.11.2010 83.5MB 4.0.30319 "UNBEKANT"
Microsoft Help Viewer 1.0 Microsoft Corporation 28.11.2010 3.97MB 1.0.30319 "UNBEKANT"
Microsoft Help Viewer 1.0 Language Pack - DEU Microsoft Corporation 28.11.2010 1.95MB 1.0.30319 "UNBEKANT"
Microsoft Office Home and Student 2007 Microsoft Corporation 31.03.2010 12.0.6425.1000 "UNBEKANT"
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 09.11.2010 120.0MB 12.0.6425.1000 "UNBEKANT"
Microsoft Office Suite Activation Assistant Microsoft Corporation 07.09.2009 8.37MB 2.9 "UNBEKANT"
Microsoft Silverlight Microsoft Corporation 16.12.2010 108.5MB 4.0.51204.0 "UNBEKANT"
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 07.09.2009 1.72MB 3.1.0000 "UNBEKANT"
Microsoft SQL Server 2008 (64-bit) Microsoft Corporation 28.11.2010 "UNBEKANT"
Microsoft SQL Server 2008 Browser Microsoft Corporation 28.11.2010 8.00MB 10.1.2531.0 "UNBEKANT"
Microsoft SQL Server 2008 Native Client Microsoft Corporation 28.11.2010 7.08MB 10.1.2531.0 "UNBEKANT"
Microsoft SQL Server 2008 R2 Management Objects Microsoft Corporation 28.11.2010 17.1MB 10.50.1447.4 "UNBEKANT"
Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 28.11.2010 3.69MB 3.5.8080.0 "UNBEKANT"
Microsoft SQL Server Compact 3.5 SP2 x64 DEU Microsoft Corporation 28.11.2010 4.81MB 3.5.8080.0 "UNBEKANT"
Microsoft SQL Server System CLR Types Microsoft Corporation 28.11.2010 2.55MB 10.50.1447.4 "UNBEKANT"
Microsoft SQL Server VSS Writer Microsoft Corporation 28.11.2010 3.59MB 10.1.2531.0 "UNBEKANT"
Microsoft Visual Basic 2010 Express - DEU Microsoft Corporation 28.11.2010 10.0.30319 "NOTWENDIG"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 31.03.2010 0.25MB 8.0.50727.4053 "NOTWENDIG"
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 01.10.2010 2.38MB 8.0.59193 "NOTWENDIG"
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 31.03.2010 0.21MB 9.0.30729.4148 "NOTWENDIG"
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 07.09.2009 0.77MB 9.0.30729 "NOTWENDIG"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14.08.2010 0.23MB 9.0.30729 "NOTWENDIG"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30.03.2010 0.58MB 9.0.30729.4148 "NOTWENDIG"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Corporation 28.11.2010 0.58MB 9.0.30729.4974 "NOTWENDIG"
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 Microsoft Corporation 28.11.2010 33.0MB 10.0.30319 "NOTWENDIG"
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Corporation 28.11.2010 35.3MB 10.0.30319 "NOTWENDIG"
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU Microsoft Corporation 28.11.2010 4.32MB 10.0.30319 "NOTWENDIG"
Microsoft Works Microsoft Corporation 15.12.2010 878MB 9.7.0621 "UNBEKANT"
Mozilla Firefox (3.6.13) Mozilla 11.12.2010 3.6.13 (de) "NOTWENDIG"
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 04.04.2010 1.28MB 4.20.9870.0 "UNBEKANT"
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 04.04.2010 1.33MB 4.20.9876.0 "UNBEKANT"
Nero 9 Lite Nero AG 01.04.2010 "UNNÖTIG"
Opera 11.00 Opera Software ASA 09.01.2011 11.00.1156 "UNNÖTIG"
Paint.NET v3.5.6 dotPDN LLC 22.11.2010 10.4MB 3.56.0 "NOTWENDIG"
PhotoScape 08.06.2010 "NOTWENDIG"
PlayReady PC Runtime amd64 Microsoft Corporation 07.09.2009 2.06MB 1.3.0 "UNBEKANT"
PlayStation(R)Network Downloader Sony Computer Entertainment Inc. 26.09.2010 0.65MB 2.00.00005 "UNBEKANT"
PlayStation(R)Store Sony Computer Entertainment Inc. 26.09.2010 3.21MB 2.7.6.06777 "UNBEKANT"
QuickTime Apple Inc. 26.09.2010 87.6MB 7.55.90.70 "UNBEKANT"
Realtek 8136 8168 8169 Ethernet Driver Realtek 07.09.2009 1.00.0005 "UNBEKANT"
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28.01.2010 6.0.1.5904 "UNBEKANT"
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 28.01.2010 6.1.7600.30101 "UNBEKANT"
Realtek WLAN Driver Realtek 28.01.2010 1.54MB 2.00.0006 "UNBEKANT"
Roulette Cash System Roulette Cash Ltd. 08.12.2010 0.25MB 1.0.0 "NOTWENDIG"
Roulette Cheat Version Roulette Cheat 1.0 A . Fässler 06.12.2010 1.09MB Roulette Cheat 1.0 "NOTWENDIG"
ROULETTE CHEAT Version ROULETTE CHEAT 1.0 A. Fässler 06.12.2010 1.02MB ROULETTE CHEAT 1.0 "NOTWENDIG"
Roulette Cheat2 Microsoft 06.12.2010 1.0.0.0 "NOTWENDIG"
Roulette Machine Microsoft 15.12.2010 1.0.0.2 "NOTWENDIG"
Roulette Machine Version 1.00 A. Fässler 17.12.2010 3.16MB 1.00 "NOTWENDIG"
Security Task Manager 1.8c Neuber Software 09.01.2011 1.8c "UNNÖTIG"
Skype Toolbars Skype Technologies S.A. 29.05.2010 6.09MB 1.0.4051 "UNNÖTIG"
Skype(TM) Launcher Skype Technologies S.A. 28.01.2010 "UNNÖTIG"
Skype™ 4.2 Skype Technologies S.A. 29.05.2010 31.7MB 4.2.169 "UNNÖTIG"
Sony Ericsson PC Companion 1.60.13 Sony Ericsson 26.09.2010 1.60.13 "UNNÖTIG"
Sony Ericsson PC Suite 6.011.00 Sony Ericsson 28.09.2010 6.011.00 "UNNÖTIG"
Sony Ericsson Themes Creator 4.16.2.6 Sony Ericsson Mobile Communications AB 26.09.2010 4.16.2.6 "NOTWENDIG"
Synaptics Pointing Device Driver Synaptics Incorporated 28.01.2010 13.2.6.1 "UNBEKANT"
Text-To-Speech-Runtime Magix Development GmbH 14.08.2010 0.25MB 1.0.0.0 "UNBEKANT"
Toshiba Assist TOSHIBA 07.09.2009 3.00.09 "UNBEKANT"
TOSHIBA Bulletin Board TOSHIBA Corporation 28.01.2010 1.0.04.64 "UNBEKANT"
TOSHIBA ConfigFree TOSHIBA Corporation 28.01.2010 67.6MB 8.0.21 "UNBEKANT"
TOSHIBA Disc Creator TOSHIBA Corporation 07.09.2009 10.3MB 2.1.0.1 for x64 "UNBEKANT"
TOSHIBA DVD PLAYER TOSHIBA Corporation 28.01.2010 3.01.0.07-A "UNBEKANT"
TOSHIBA Extended Tiles for Windows Mobility Center 28.01.2010 "UNBEKANT"
TOSHIBA Face Recognition TOSHIBA Corporation 28.01.2010 3.1.1.64 "UNBEKANT"
TOSHIBA Flash Cards Support Utility TOSHIBA CORPORATION 07.09.2009 20.00KB 1.63.0.4C "UNBEKANT"
TOSHIBA Hardware Setup TOSHIBA CORPORATION 07.09.2009 7.90MB 1.63.0.11C "UNBEKANT"
TOSHIBA HDD/SSD Alert TOSHIBA Corporation 07.09.2009 38.0MB 3.1.64.0 "UNBEKANT"
Toshiba Manuals TOSHIBA 07.09.2009 10.00 "UNBEKANT"
Toshiba Online Product Information TOSHIBA 07.09.2009 2.08.0001 "UNBEKANT"
Toshiba Photo Service - powered by myphotobook myphotobook GmbH 07.09.2009 1.0.0-663 "UNBEKANT"
TOSHIBA Recovery Media Creator TOSHIBA Corporation 07.09.2009 2.98MB 2.1.0.2 for x64 "UNBEKANT"
TOSHIBA Recovery Media Creator Reminder TOSHIBA 07.09.2009 0.45MB 1.00.0019 "UNBEKANT"
TOSHIBA ReelTime TOSHIBA Corporation 28.01.2010 1.0.04.64 "UNBEKANT"
TOSHIBA SD Memory Utilities TOSHIBA 28.01.2010 9.16MB 1.9.1.12 "UNBEKANT"
TOSHIBA Service Station TOSHIBA 28.01.2010 2.1.33 "UNBEKANT"
TOSHIBA Supervisorkennwort TOSHIBA CORPORATION 07.09.2009 1.95MB 1.63.0.7C "UNBEKANT"
Toshiba TEMPRO Toshiba Europe GmbH 08.09.2009 3.05 "UNBEKANT"
TOSHIBA Value Added Package TOSHIBA Corporation 28.01.2010 87.7MB 1.2.25.64 "UNBEKANT"
TOSHIBA Web Camera Application TOSHIBA Corporation 28.01.2010 1.1.1.4 "UNBEKANT"
TRORMCLauncher 28.01.2010 "UNBEKANT"
Unterstützungsdateien für Microsoft SQL Server 2008-Setup Microsoft Corporation 28.11.2010 33.7MB 10.1.2731.0 "UNBEKANT"
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 28.11.2010 11.2MB 4.0.8080.0 "NOTWENDIG"
VLC media player 1.0.5 VideoLAN Team 30.03.2010 1.0.5 "NOTWENDIG"
Vuze Vuze Inc. 14.04.2010 4.4 "NOTWENDIG"
Vuze_Remote Toolbar 01.04.2010 "NOTWENDIG"
Warcraft III 31.03.2010 "NOTWENDIG"
WildTangent-Spiele WildTangent 28.01.2010 1.0.0.71 "NOTWENDIG"
Windows Live Anmelde-Assistent Microsoft Corporation 07.09.2009 1.94MB 5.000.818.5 "NOTWENDIG"
Windows Live Essentials Microsoft Corporation 24.05.2010 14.0.8117.0416 "NOTWENDIG"
Windows Live Sync Microsoft Corporation 24.05.2010 2.79MB 14.0.8117.416 "NOTWENDIG"
Windows Live-Uploadtool Microsoft Corporation 07.09.2009 0.22MB 14.0.8014.1029 "NOTWENDIG"
Windows Mobile-Gerätecenter Microsoft Corporation 27.10.2010 27.4MB 6.1.6965.0 "UNNÖTIG"
World Best Roulette System Demo Version Centrebet 1.0.0.1 World Best Roulette System, Inc. 27.11.2010 1.0.0.1 "UNNÖTIG"
X-Force: Fight For Destiny V0.915b03 23.04.2010 "NOTWENDIG"
Zattoo4 4.0.4 Zattoo Inc. 04.04.2010 4.0.4 "UNNÖTIG"

14.01.2011, 12:42   #12
markusg
/// Malware-holic

Uninstall
Adobe AIR


Adobe Reader 9.1
replace it:
Adobe - Download Adobe Reader - All versions

Please do not install the McAfee Security Scan along with it.
Open Adobe Reader, Edit, Preferences, JavaScript, remove the check mark there; Internet, likewise remove all check marks.
This way PDFs are no longer loaded automatically, and malicious code can no longer be slipped onto your system this way.
Under General, tick "use only certified plug-ins".
Under Update, set it to install.
Click Apply / OK

Uninstall:
Any DVD Clone
Apple Software Update
Canon, both
CloneDVD2
FileZilla
Firebird SQL Server
Google Chrome
Google Earth
Hardcopy
Inno, both
Logitech, both
MAGIX, both
Media Go
MediaMonkey
Microsoft Silverlight
Microsoft SQL Server, all of them
PlayStation, both
Security Task Manager
Skype Toolbars and the other two

Then clean up with CCleaner.

14.01.2011, 22:57   #13
the87stinger

OK, I have done that.

15.01.2011, 14:49   #14
markusg
/// Malware-holic

No more problems, I think?

15.01.2011, 21:42   #15
the87stinger

Everything is running perfectly again.
A big thank-you, MARKUSG, for your efforts, and also a thank-you to TROJANER-BOARD.DE, you are really great!!!
