Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.01.2011, 21:19   #1
JeyB
 
Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... - Beitrag

Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...



Hallo,
mein Windows update funktioniert nicht folgender Fehler wird angezeigt:
"Die suche nach updates nicht möglich code 80072EFE."

Wenn ich auf google etwas als Suchbegriff eingebe und anschließend auf einen Link drücke,werde ich auf irgendwelche Seiten geschickt,wobei gleichzeitig mein Antivrius Programm eintritt und sagt das es ein Virus fund gab!

Außerdem wird mein Hostprozess immer geschloßen und ich habe dann nicht mehr das Aero-Design auf der Taskleiste.

Ich vermute das alles in gewisser weise zusammen gehört...
für eure Hilfe


HIJACK LOGFILE:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:22, on 13.01.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\RouterControl\RouterControl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Mustermann\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mustermann\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://de.rd.yahoo.com/customize/ycomp/defaults/sp/*h**p://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://de.rd.yahoo.com/customize/ycomp/defaults/su/h***p://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [tsnp2uvc] C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 8477 bytes

Alt 14.01.2011, 10:52   #2
markusg
/// Malware-holic
 
Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... - Standard

Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...



richtig vermutet :-)

Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
__________________

__________________

Alt 14.01.2011, 15:23   #3
JeyB
 
Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... - Beitrag

Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.01.2011 13:01:41 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\Jonathan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.011,00 Mb Total Physical Memory | 284,00 Mb Available Physical Memory | 28,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 28,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 49,70 Gb Free Space | 34,48% Space Free | Partition Type: NTFS
 
Computer Name: JONATHAN-PC | User Name: Jonathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.14 12:32:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
PRC - [2010.12.19 11:34:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.19 11:33:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.08 12:31:34 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.23 17:46:30 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Jonathan\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010.11.03 14:15:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.03 14:15:22 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.08 14:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.07.29 08:50:16 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.07.29 08:47:08 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.04.30 16:24:58 | 009,210,400 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.19 01:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.08.24 14:50:46 | 001,190,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009.05.19 12:49:00 | 003,449,344 | ---- | M] (Mirko Böer) -- C:\Program Files\RouterControl\RouterControl.exe
PRC - [2009.05.18 12:36:38 | 000,241,664 | ---- | M] () -- C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe
PRC - [2009.05.18 12:34:12 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007.02.09 05:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
PRC - [2007.02.06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.02.06 23:04:16 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007.01.31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.01.24 09:27:50 | 000,319,488 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2006.12.29 16:51:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.01.14 12:32:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
MOD - [2010.03.05 15:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2009.04.11 07:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2009.04.11 07:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009.04.11 07:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.04.11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 08:36:49 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008.01.19 08:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2008.01.19 08:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Unknown | Stopped] --  -- (MSDTC)
SRV - [2010.12.08 12:31:34 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.21 12:54:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.03 14:15:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.29 08:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.01.31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.12.29 16:51:56 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.12.20 13:35:37 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.25 20:10:33 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.20 15:41:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.14 01:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.30 15:59:12 | 003,086,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.04.27 03:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.04.27 03:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.04.27 03:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.03.22 17:04:40 | 000,262,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.03.09 10:01:54 | 000,130,672 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010.02.03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.01.29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.05.20 15:15:32 | 003,485,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.03.26 10:14:34 | 000,021,000 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2008.06.30 19:12:08 | 000,923,648 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.18 12:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.04.25 02:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.10.25 16:26:10 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007.06.16 01:47:39 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007.04.20 13:15:46 | 000,447,864 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007.02.06 23:04:54 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007.02.06 23:04:50 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007.02.06 23:04:48 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007.01.22 09:09:08 | 000,046,592 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.01.22 08:11:00 | 000,056,832 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1027.sys -- (RDID1027)
DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2004.04.01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.06.15 02:02:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.19 11:34:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.19 11:34:21 | 000,000,000 | ---D | M]
 
[2010.06.02 20:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Extensions
[2010.06.02 16:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.01.12 16:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Firefox\Profiles\r4loksna.default\extensions
[2010.08.15 10:41:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Firefox\Profiles\r4loksna.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.15 10:41:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Firefox\Profiles\r4loksna.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.27 09:59:19 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jonathan\AppData\Roaming\mozilla\Firefox\Profiles\r4loksna.default\extensions\personas@christopher.beard
[2010.06.20 15:42:46 | 000,002,059 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r4loksna.default\searchplugins\daemon-search.xml
[2011.01.11 12:27:33 | 000,001,056 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r4loksna.default\searchplugins\icqplugin.xml
[2010.06.06 12:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.19 11:34:20 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.12.19 11:33:16 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2010.12.19 11:33:17 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
[2010.12.19 11:34:04 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2007.03.22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010.09.25 10:11:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2010.09.25 10:11:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
[2010.09.25 10:11:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
[2010.09.25 10:11:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
[2010.09.25 10:11:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
[2010.09.25 10:11:43 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
[2010.09.25 10:11:43 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
[2010.12.19 11:34:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.19 11:34:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.19 11:34:11 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010.12.19 11:34:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.19 11:34:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.19 11:34:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.07 16:10:27 | 000,001,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE (Mirko Böer)
O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2344705924-3710703872-1417094863-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.248 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d6a7ceb-7dfc-11df-b761-001e68eb1c70}\Shell - "" = AutoRun
O33 - MountPoints2\{0d6a7ceb-7dfc-11df-b761-001e68eb1c70}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{3f4f8112-9e65-11df-934a-001e68eb1c70}\Shell - "" = AutoRun
O33 - MountPoints2\{3f4f8112-9e65-11df-934a-001e68eb1c70}\Shell\AutoRun\command - "" = F:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.14 12:31:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
[2011.01.13 21:11:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.01.08 22:09:00 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Malwarebytes
[2011.01.08 22:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.08 22:08:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.08 22:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.08 22:08:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.08 22:08:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.07 13:10:29 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\TuneUp Software
[2011.01.07 13:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.01.07 13:04:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.01.05 21:24:23 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Meine empfangenen Dateien
[2010.12.30 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\My Art
[2010.12.30 18:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio
[2010.12.30 18:10:51 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys
[2010.12.30 18:10:51 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys
[2010.12.30 18:10:51 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys
[2010.12.30 18:10:50 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys
[2010.12.30 18:10:50 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys
[2010.12.30 18:10:50 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys
[2010.12.30 18:10:50 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys
[2010.12.30 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\My NPS Files
[2010.12.30 18:02:37 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Samsung
[2010.12.30 16:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.12.30 16:26:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.12.30 15:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2010.12.30 15:39:45 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Steinberg
[2010.12.30 15:26:34 | 101,519,294 | ---- | C] () -- C:\Users\Jonathan\NYo-LSWEB.rar
[2010.12.29 19:41:47 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\CUbase
[2010.08.10 08:56:43 | 000,000,680 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\d3d9caps.dat
[2010.07.03 16:27:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.06.13 19:53:48 | 000,017,408 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\WebpageIcons.db
[2010.06.02 21:19:12 | 003,295,468 | -H-- | C] () -- C:\Users\Jonathan\AppData\Local\IconCache.db
[2010.06.02 20:58:01 | 000,089,280 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.02 20:57:23 | 000,095,232 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.02 20:40:06 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2010.06.02 10:44:05 | 000,239,616 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007.06.16 01:39:13 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2006.11.02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.14 12:32:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
[2011.01.14 12:32:15 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.14 12:28:52 | 000,004,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.14 12:28:51 | 000,004,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.14 12:28:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.13 21:37:19 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011.01.13 21:37:14 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.13 21:35:50 | 1061,109,760 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.13 20:17:51 | 000,203,608 | ---- | M] () -- C:\Users\Jonathan\Desktop\TPS+2++.pdf
[2011.01.13 20:13:26 | 000,181,461 | ---- | M] () -- C:\Users\Jonathan\Desktop\TPS+2.pdf
[2011.01.13 20:13:12 | 000,197,128 | ---- | M] () -- C:\Users\Jonathan\Desktop\TPS+1.pdf
[2011.01.13 19:51:26 | 000,027,136 | ---- | M] () -- C:\Users\Jonathan\Documents\Aufgabe Nummer 2.doc
[2011.01.11 21:11:13 | 000,212,871 | ---- | M] () -- C:\Users\Jonathan\Desktop\S8300_TkFileExplorer_2.2.rar
[2011.01.11 19:11:25 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.11 19:11:25 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.11 19:11:25 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.11 19:11:25 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.09 13:49:51 | 002,471,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.09 00:35:59 | 000,095,232 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 00:34:03 | 000,300,263 | ---- | M] () -- C:\Users\Jonathan\Desktop\Coloringbook.wmv
[2011.01.08 22:08:30 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.05 19:58:46 | 049,783,417 | ---- | M] () -- C:\Users\Jonathan\Desktop\Video0021.mp4
[2010.12.30 18:28:17 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.12.30 15:47:53 | 101,519,294 | ---- | M] () -- C:\Users\Jonathan\NYo-LSWEB.rar
[2010.12.30 00:27:29 | 000,900,015 | ---- | M] () -- C:\Windows\System32\TmpA1599259
[2010.12.29 23:48:55 | 173,838,160 | ---- | M] () -- C:\Users\Jonathan\Desktop\New_PC_Studio_1.5.1.10064_2.exe
[2010.12.29 19:20:11 | 009,408,088 | ---- | M] () -- C:\Users\Jonathan\Desktop\Composition_1_.wav
[2010.12.29 16:36:37 | 000,000,680 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\d3d9caps.dat
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.20 13:35:37 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 15:06:10 | 000,168,250 | ---- | M] () -- C:\Users\Jonathan\Desktop\04img_1911y07.jpg
 
========== Files Created - No Company Name ==========
 
[2011.01.13 21:21:04 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
[2011.01.13 20:17:33 | 000,203,608 | ---- | C] () -- C:\Users\Jonathan\Desktop\TPS+2++.pdf
[2011.01.13 20:13:25 | 000,181,461 | ---- | C] () -- C:\Users\Jonathan\Desktop\TPS+2.pdf
[2011.01.13 20:12:50 | 000,197,128 | ---- | C] () -- C:\Users\Jonathan\Desktop\TPS+1.pdf
[2011.01.11 21:11:12 | 000,212,871 | ---- | C] () -- C:\Users\Jonathan\Desktop\S8300_TkFileExplorer_2.2.rar
[2011.01.10 18:40:27 | 000,027,136 | ---- | C] () -- C:\Users\Jonathan\Documents\Aufgabe Nummer 2.doc
[2011.01.09 00:32:47 | 000,300,263 | ---- | C] () -- C:\Users\Jonathan\Desktop\Coloringbook.wmv
[2011.01.08 22:08:30 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 18:28:17 | 000,001,927 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.12.30 00:27:29 | 000,900,015 | ---- | C] () -- C:\Windows\System32\TmpA1599259
[2010.12.29 23:32:15 | 173,838,160 | ---- | C] () -- C:\Users\Jonathan\Desktop\New_PC_Studio_1.5.1.10064_2.exe
[2010.12.18 15:05:33 | 000,168,250 | ---- | C] () -- C:\Users\Jonathan\Desktop\04img_1911y07.jpg
[2010.12.15 16:47:12 | 049,783,417 | ---- | C] () -- C:\Users\Jonathan\Desktop\Video0021.mp4
[2010.07.06 13:28:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\RdCi1027.dll
[2010.06.27 21:07:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.23 15:39:30 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.23 15:39:29 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.06.20 15:41:43 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.06.03 10:35:14 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.02 20:40:06 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.06.02 20:40:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.06.02 20:40:05 | 003,485,952 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.06.02 20:40:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2010.06.02 20:39:27 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.06.01 16:57:19 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2010.06.01 16:57:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2010.05.18 00:47:52 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.05.29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.06.16 11:36:29 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.06.16 09:54:27 | 000,000,622 | ---- | C] () -- C:\Windows\generic.ini
[2007.06.16 09:54:27 | 000,000,099 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.06.16 01:39:13 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.02.06 22:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.02.06 22:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.02.06 22:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.02.06 22:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.02.06 22:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.02.06 22:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.12.26 14:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 21:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 14:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 20:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.06.05 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Canneverbe Limited
[2010.07.14 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Canon
[2010.06.22 13:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools Lite
[2010.06.20 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools Pro
[2010.11.01 10:25:17 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\GlarySoft
[2011.01.13 21:42:03 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\ICQ
[2010.06.27 09:07:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Opera
[2010.07.06 13:17:49 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Propellerhead Software
[2010.08.05 10:48:16 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Publish Providers
[2010.08.17 11:14:41 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\RouterControl
[2010.12.30 18:02:58 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Samsung
[2010.11.07 12:04:23 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Sony
[2010.12.30 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Steinberg
[2010.09.05 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\TeamViewer
[2011.01.07 13:10:29 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\TuneUp Software
[2010.06.02 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\VistaCodecs
[2011.01.13 21:37:19 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011.01.13 21:34:28 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.26 21:28:20 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Adobe
[2010.06.11 12:30:57 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\AdobeUM
[2010.07.13 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Avira
[2010.06.05 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Canneverbe Limited
[2010.07.14 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Canon
[2010.06.22 13:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools Lite
[2010.06.20 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools Pro
[2010.08.10 16:37:42 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DivX
[2010.11.01 10:25:17 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\GlarySoft
[2011.01.13 21:42:03 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\ICQ
[2010.06.02 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Identities
[2010.06.02 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\InstallShield
[2010.06.02 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Macromedia
[2011.01.08 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Media Center Programs
[2010.12.30 18:33:14 | 000,000,000 | --SD | M] -- C:\Users\Jonathan\AppData\Roaming\Microsoft
[2010.06.02 20:05:18 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Mozilla
[2010.06.27 09:07:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Opera
[2010.07.06 13:17:49 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Propellerhead Software
[2010.08.05 10:48:16 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Publish Providers
[2010.08.17 11:14:41 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\RouterControl
[2010.12.30 18:02:58 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Samsung
[2011.01.13 21:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Skype
[2011.01.13 21:41:13 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\skypePM
[2010.11.07 12:04:23 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Sony
[2010.12.30 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Steinberg
[2010.09.05 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\TeamViewer
[2011.01.07 13:10:29 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\TuneUp Software
[2010.06.02 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\VistaCodecs
[2010.06.02 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.01.19 05:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.06.09 16:19:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010.06.09 16:19:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.06.09 16:19:19 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.08.27 04:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.08.27 03:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2010.06.09 16:19:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.02.15 05:05:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2010.06.05 02:19:04 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.02.15 05:06:38 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2010.06.05 02:19:04 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.20 15:41:43 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2010.06.02 20:38:55 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2010.06.02 20:38:50 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2010.06.02 20:38:55 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2010.06.02 20:39:16 | 015,740,928 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2010.06.02 20:39:21 | 006,045,696 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Jonathan\Desktop\Video0021.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Jonathan\Desktop\Maennertrip.TS.MD.avi:TOC.WMV

< End of report >
         
--- --- ---

< MD5 for: [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (MICROSOFT CORPORATION) >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys

< MD5 for: [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) >
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (MICROSOFT CORPORATION) >
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (MICROSOFT CORPORATION) >
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< MD5 for: [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (MICROSOFT CORPORATION) >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (MICROSOFT CORPORATION) >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

< MD5 for: [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (MICROSOFT CORPORATION) >
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (MICROSOFT CORPORATION) >
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

< MD5 for: [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (MICROSOFT CORPORATION) >
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (MICROSOFT CORPORATION) >
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA CORPORATION) >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

< MD5 for: [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (INTEL CORPORATION) >
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: [2007.02.15 05:05:25 | 000,633,856 | ---- | M] (MICROSOFT CORPORATION) >
[2007.02.15 05:05:25 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

< MD5 for: [2007.02.15 05:06:38 | 000,633,856 | ---- | M] (MICROSOFT CORPORATION) >
[2007.02.15 05:06:38 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

< MD5 for: [2007.08.27 03:01:58 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) >
[2007.08.27 03:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe

< MD5 for: [2007.08.27 04:10:03 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) >
[2007.08.27 04:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe

< MD5 for: [2008.01.19 05:33:23 | 000,021,560 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 05:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a9 3da31a8b\atapi.sys

< MD5 for: [2008.01.19 06:06:48 | 000,021,560 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a44 2479c42c\atapi.sys

< MD5 for: [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< MD5 for: [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< MD5 for: [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< MD5 for: [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA CORPORATION) >
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (MICROSOFT CORPORATION) >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< MD5 for: [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (INTEL CORPORATION) >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

< MD5 for: [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) >
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

< MD5 for: [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

< MD5 for: [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION) >
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

< MD5 for: [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (MICROSOFT CORPORATION) >
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) -- C:\$WINDOWS.~Q\DATA\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

< MD5 for: [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (MICROSOFT CORPORATION) >
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (MICROSOFT CORPORATION) >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

< MD5 for: [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (MICROSOFT CORPORATION) >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< MD5 for: [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (MICROSOFT CORPORATION) >
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (MICROSOFT CORPORATION) >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (MICROSOFT CORPORATION) >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< MD5 for: [2010.06.05 02:19:04 | 000,633,856 | ---- | M] (MICROSOFT CORPORATION) >
[2010.06.05 02:19:04 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2010.06.05 02:19:04 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

< MD5 for: [2010.06.09 16:19:19 | 002,927,616 | ---- | M] (MICROSOFT CORPORATION) >
[2010.06.09 16:19:19 | 002,927,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

< MD5 for: [2010.06.09 16:19:24 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION) >
[2010.06.09 16:19:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

< MD5 for: [2010.06.09 16:19:28 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) >
[2010.06.09 16:19:28 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

< MD5 for: [2010.06.09 16:19:32 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION) >
[2010.06.09 16:19:32 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.20 15:41:43 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2010.06.02 20:38:55 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2010.06.02 20:38:50 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2010.06.02 20:38:55 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2010.06.02 20:39:16 | 015,740,928 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2010.06.02 20:39:21 | 006,045,696 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< End of report >


DANKE FÜR DEINE HILFE
__________________

Alt 14.01.2011, 15:28   #4
JeyB
 
Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... - Standard

Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 14.01.2011 13:01:41 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\Jonathan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.011,00 Mb Total Physical Memory | 284,00 Mb Available Physical Memory | 28,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 28,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 49,70 Gb Free Space | 34,48% Space Free | Partition Type: NTFS
 
Computer Name: JONATHAN-PC | User Name: Jonathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C3F87B9-EB4D-4439-B262-068319EE2D45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E4935003-13CB-4E48-B88E-FCFC9DC21731}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115D1-7305-4DD0-AEFB-17068B68C7CF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{0A238D9D-FBFF-477A-9609-31CC47EA8234}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{130E792F-3CED-47CC-9CF0-AADD313D22D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13D06D3C-2B26-4154-8572-CD45A84A7554}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1F991B79-95FA-4AC6-8ED8-027ECFF3BE69}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2AC59A1C-CA97-439E-A477-0D6B337528A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3504A079-1B8D-46A2-932D-1705CFEB498D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4592B300-E14E-4978-B518-58ADABBD1D9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58B5C549-3F91-4CC7-AF60-3E6C619EEC73}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{5BE0903E-8961-4905-A868-73A0440DE817}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C917325-E2A2-49C1-A7CC-73BBC9F3BA32}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{5CB3339E-C295-452B-BBE6-7C0A384703D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{63C3B3F1-4C47-4CF7-AB24-AE9D2E208BD8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6C7BA3CF-34CC-47AF-8FA3-406793E0DD6C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{6D0FE4C2-3B56-401B-84C1-4C9EB3B26187}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{7751C4CD-DFAF-4BA4-9CA2-4E2B9BEC9558}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{789C41D7-FA46-450F-9905-01B7E72A55D9}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{8039D176-52C9-4647-B6E5-E6060D2C58E1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{80D362C8-CF6C-4B24-BD8D-706D08AE3717}" = dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe | 
"{8E5014C0-D009-472D-8BAF-D1D83E8FA932}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe | 
"{91664178-DB64-421A-BCF0-D5B29611E49F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{95A5E5FC-C067-4446-83E9-5227860E189A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B669B00-4BCF-4860-888B-D7DE65141F05}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5C951F5-761A-4EE4-993B-A8CADA085929}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A999D38D-45D8-46C2-9A97-93AE5B796EFA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{AEAE0FC8-F036-498B-962B-564818B91062}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0655549-766F-4CA1-8B10-BC8F6C5B017C}" = dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe | 
"{B19128AE-7F9F-47CB-AC3C-D181242D79E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2650ABB-1D49-49B9-827A-3A3F6DCD62FE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{BA88FC55-32E6-4050-9AFF-CFBB0A6D9BD7}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{BF80D1D0-F229-4B96-AF1E-BF32E634A432}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C3B7A310-78FD-4249-87ED-395F337C6A25}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe | 
"{C7435CF2-8EDA-4389-B5AD-4F44A810F054}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7937012-A20E-4698-81F9-5426EEF0C860}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C889386A-B8CF-462D-B8C3-489D881C1F5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CA6834B0-1C44-4E6C-BB56-30BEF04366AE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{CF075182-E0E9-4FBF-93AF-D9F35682CB2C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D1DCE366-BC26-4D1F-A78B-1ECDF9418C62}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{E04E88A9-B3C1-484E-A788-C165893BFF80}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E530B402-7DD4-4C57-A9D6-A6D0BA798BDE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E92F2386-68BC-4A92-BFBC-D3098693EC82}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E94F36DE-C9F4-49CD-96CB-B6E7DB128B24}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{EE24A907-6A41-4246-822E-DCEEF032A24E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FABD412A-499E-4380-827C-EEDF4319C046}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"TCP Query User{38D7D715-C42F-426E-A033-AA41C07A58FD}C:\program files\samsung\samsung new pc studio\npsdmpplayer.exe" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsdmpplayer.exe | 
"TCP Query User{9977505E-CB8E-4047-B865-A46316606493}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{AB287ADE-CD19-4C1C-9B0B-DB0B60E42FC0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{D3CBEFDC-4139-423F-A05D-B73863526DF0}E:\empires.exe" = protocol=6 | dir=in | app=e:\empires.exe | 
"UDP Query User{0D0348E9-B812-4F26-8564-2D9678FF83A5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{247EAACE-14D1-442E-8D5E-D7895B30D365}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{2C9377F1-73B8-4E54-BE16-7AFA8D2E4401}E:\empires.exe" = protocol=17 | dir=in | app=e:\empires.exe | 
"UDP Query User{A8CBC6DF-19B2-40FD-A00C-E482CCABEE2F}C:\program files\samsung\samsung new pc studio\npsdmpplayer.exe" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsdmpplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797A536D-7F3A-4FC8-94FB-B36E108BF33A}" = TheWesterner
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Dynamic-Photo HDR 4 (Trial)_is1" = Dynamic-Photo HDR Trial 4.8
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Glary Utilities_is1" = Glary Utilities 2.23.0.923
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"Reason4_is1" = Reason 4.0
"RolandRDID0027" = EDIROL PCR Driver
"RouterControl" = RouterControl 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"UltraISO_is1" = UltraISO Premium V9.36
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"dd6e9302046dd572" = FRIENDS pro
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C3F87B9-EB4D-4439-B262-068319EE2D45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E4935003-13CB-4E48-B88E-FCFC9DC21731}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024115D1-7305-4DD0-AEFB-17068B68C7CF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{0A238D9D-FBFF-477A-9609-31CC47EA8234}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{130E792F-3CED-47CC-9CF0-AADD313D22D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{13D06D3C-2B26-4154-8572-CD45A84A7554}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1F991B79-95FA-4AC6-8ED8-027ECFF3BE69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AC59A1C-CA97-439E-A477-0D6B337528A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3504A079-1B8D-46A2-932D-1705CFEB498D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4592B300-E14E-4978-B518-58ADABBD1D9A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58B5C549-3F91-4CC7-AF60-3E6C619EEC73}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{5BE0903E-8961-4905-A868-73A0440DE817}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C917325-E2A2-49C1-A7CC-73BBC9F3BA32}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{5CB3339E-C295-452B-BBE6-7C0A384703D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63C3B3F1-4C47-4CF7-AB24-AE9D2E208BD8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C7BA3CF-34CC-47AF-8FA3-406793E0DD6C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{6D0FE4C2-3B56-401B-84C1-4C9EB3B26187}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{7751C4CD-DFAF-4BA4-9CA2-4E2B9BEC9558}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{789C41D7-FA46-450F-9905-01B7E72A55D9}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{8039D176-52C9-4647-B6E5-E6060D2C58E1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{80D362C8-CF6C-4B24-BD8D-706D08AE3717}" = dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{8E5014C0-D009-472D-8BAF-D1D83E8FA932}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{91664178-DB64-421A-BCF0-D5B29611E49F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95A5E5FC-C067-4446-83E9-5227860E189A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B669B00-4BCF-4860-888B-D7DE65141F05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5C951F5-761A-4EE4-993B-A8CADA085929}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A999D38D-45D8-46C2-9A97-93AE5B796EFA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{AEAE0FC8-F036-498B-962B-564818B91062}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0655549-766F-4CA1-8B10-BC8F6C5B017C}" = dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{B19128AE-7F9F-47CB-AC3C-D181242D79E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2650ABB-1D49-49B9-827A-3A3F6DCD62FE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BA88FC55-32E6-4050-9AFF-CFBB0A6D9BD7}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{BF80D1D0-F229-4B96-AF1E-BF32E634A432}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3B7A310-78FD-4249-87ED-395F337C6A25}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{C7435CF2-8EDA-4389-B5AD-4F44A810F054}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7937012-A20E-4698-81F9-5426EEF0C860}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C889386A-B8CF-462D-B8C3-489D881C1F5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA6834B0-1C44-4E6C-BB56-30BEF04366AE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CF075182-E0E9-4FBF-93AF-D9F35682CB2C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D1DCE366-BC26-4D1F-A78B-1ECDF9418C62}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{E04E88A9-B3C1-484E-A788-C165893BFF80}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E530B402-7DD4-4C57-A9D6-A6D0BA798BDE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E92F2386-68BC-4A92-BFBC-D3098693EC82}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E94F36DE-C9F4-49CD-96CB-B6E7DB128B24}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{EE24A907-6A41-4246-822E-DCEEF032A24E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{FABD412A-499E-4380-827C-EEDF4319C046}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"TCP Query User{38D7D715-C42F-426E-A033-AA41C07A58FD}C:\program files\samsung\samsung new pc studio\npsdmpplayer.exe" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsdmpplayer.exe |
"TCP Query User{9977505E-CB8E-4047-B865-A46316606493}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{AB287ADE-CD19-4C1C-9B0B-DB0B60E42FC0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D3CBEFDC-4139-423F-A05D-B73863526DF0}E:\empires.exe" = protocol=6 | dir=in | app=e:\empires.exe |
"UDP Query User{0D0348E9-B812-4F26-8564-2D9678FF83A5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{247EAACE-14D1-442E-8D5E-D7895B30D365}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{2C9377F1-73B8-4E54-BE16-7AFA8D2E4401}E:\empires.exe" = protocol=17 | dir=in | app=e:\empires.exe |
"UDP Query User{A8CBC6DF-19B2-40FD-A00C-E482CCABEE2F}C:\program files\samsung\samsung new pc studio\npsdmpplayer.exe" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsdmpplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797A536D-7F3A-4FC8-94FB-B36E108BF33A}" = TheWesterner
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Dynamic-Photo HDR 4 (Trial)_is1" = Dynamic-Photo HDR Trial 4.8
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Glary Utilities_is1" = Glary Utilities 2.23.0.923
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"Reason4_is1" = Reason 4.0
"RolandRDID0027" = EDIROL PCR Driver
"RouterControl" = RouterControl 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"UltraISO_is1" = UltraISO Premium V9.36
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2344705924-3710703872-1417094863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"dd6e9302046dd572" = FRIENDS pro

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Alt 14.01.2011, 15:29   #5
markusg
/// Malware-holic
 
Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... - Standard

Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...



bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.01.2011, 05:24   #6
JeyB
 
Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... - Ausrufezeichen

Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...



Nachdem ich dieses Programm Combofix angewendet habe ist mein Laptop vollich Nutzlos-.-
Nach jedem normalen Windows start erscheint ein Bluescreen.
Beim Abgesicherten Modus jedoch nicht.
Aber eine Systemwiederherstellung ust auch nicht möglich,da Windows,dann sagt,dass Windows in einem Zustand ist indem es nicht möglich ist eine Systemwiederherstellung durch zuführen...

Alt 15.01.2011, 13:38   #7
markusg
/// Malware-holic
 
Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... - Standard

Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...



dann stelle combofix.txt ein und den text des blue screens.
es gibt malware, die so tief ins system eingreift das eine bereinigung nicht mehr möglich ist. mal schauen was genau passiert ist.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.01.2011, 00:20   #8
JeyB
 
Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... - Ausrufezeichen

Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...



Ich hab das Problem NICHT gelöst....NEU Formatiert....alles neu gemacht....

Antwort

Themen zu Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...
antivir, antivir guard, avira, bho, bonjour, cdburnerxp, computer, desktop, excel, fehler, firefox, google, helper, hijackthis, internet explorer, launch, logfile, mozilla, nach updates, nicht möglich, pop-up-blocker, programm, prozess, realtek, skype.exe, software, studio, system, updates, virus, virus fund, vista, windows



Ähnliche Themen: Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet...


  1. in Firefox werden links aus der google-Suche umgeleitet auf h**p://lp2.playerpage109.info/1421194756/player/LP5_1/?pid=7302&distid=24543&d1=
    Plagegeister aller Art und deren Bekämpfung - 17.01.2015 (13)
  2. Mozilla Firefox befallen - greao Tsavinngo links werden automisch erstellt
    Log-Analyse und Auswertung - 06.10.2014 (20)
  3. Windows-Hostprozess Rundll32 funktioniert nicht mehr
    Log-Analyse und Auswertung - 14.05.2014 (5)
  4. Mozilla Firefox: überall Werbung, unterstrichene Wörter mit Links, Weiterleitung zu Links
    Plagegeister aller Art und deren Bekämpfung - 23.10.2013 (11)
  5. Googlelinks/Links werden umgeleitet
    Alles rund um Windows - 26.05.2013 (8)
  6. Windows Hostprozess funktioniert nicht mehr 2
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (0)
  7. Mozilla Firefox funktioniert Internet Explorer und andere Programme nicht
    Plagegeister aller Art und deren Bekämpfung - 18.01.2012 (12)
  8. Dringend! Google Links werden umgeleitet - OTL & GMER werden von Virus beendet
    Plagegeister aller Art und deren Bekämpfung - 25.07.2011 (1)
  9. google links werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 17.03.2011 (18)
  10. Hostprozess rundll32 funktioniert nicht mehr
    Netzwerk und Hardware - 14.08.2010 (21)
  11. Google links werden umgeleitet; bei Login-Versuchen (email, onlinebanking...) stürtzt firefox ab
    Plagegeister aller Art und deren Bekämpfung - 19.07.2010 (37)
  12. Links werden umgeleitet, AV Webseiten und Programme funktionieren nicht mehr, Homepage gehackt
    Plagegeister aller Art und deren Bekämpfung - 13.07.2010 (12)
  13. links werden umgeleitet und werbe-links öffnen sich von allein (firefox)
    Log-Analyse und Auswertung - 08.04.2010 (18)
  14. firefox: links werden umgeleitet und werbe-links öffnen sich von allein
    Log-Analyse und Auswertung - 30.03.2010 (11)
  15. Links werden umgeleitet
    Log-Analyse und Auswertung - 10.10.2009 (11)
  16. Googleergebnisse werden umgeleitet - Hijackthis funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 12.07.2009 (18)
  17. Google Links werden umgeleitet
    Log-Analyse und Auswertung - 14.05.2009 (0)

Zum Thema Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... - Hallo, mein Windows update funktioniert nicht folgender Fehler wird angezeigt: "Die suche nach updates nicht möglich code 80072EFE." Wenn ich auf google etwas als Suchbegriff eingebe und anschließend auf einen - Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet......
Archiv
Du betrachtest: Hostprozess funktioniert nicht!Mozilla Firefox Links werden umgeleitet... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.