strange addresses appear on ipconfig/displaydns



#1
hrparra

Hello again there,
Could you be so kind as to help me fix my computer? Today I noticed that many strange addresses that I have never visited appear in my DNS cache (ipconfig /displaydns). I tried to flush them (ipconfig /flushdns); there was no error and they seemed to be deleted, but when I checked again the addresses were still there. I guess that I have some kind of malware that is connecting to those web pages. I followed the steps suggested by the admin (Malware and Spyware Cleaning Guide), but the problem persists. I also tried Spybot and it did not find anything strange. However, when I tried to get into Documents and Settings, access was blocked. I don't want to lose information or send private information to third parties.

Thank you very much in advance.


Edit: I am adding what displaydns shows me:
Eintragsname . . . . . : vorriere.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


vorriere.it
----------------------------------------
Keine Einträge vom Typ AAAA


ueorn-rsztriv.com
----------------------------------------
Eintragsname . . . . . : ueorn-rsztriv.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


ueorn-rsztriv.com
----------------------------------------
Keine Einträge vom Typ AAAA


www.turismoaq.it
----------------------------------------
Eintragsname . . . . . : www.turismoaq.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


www.turismoaq.it
----------------------------------------
Keine Einträge vom Typ AAAA


www.topbrowsing.com
----------------------------------------
Eintragsname . . . . . : www.topbrowsing.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


www.topbrowsing.com
----------------------------------------
Keine Einträge vom Typ AAAA


tiuscali.it
----------------------------------------
Eintragsname . . . . . : tiuscali.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


tiuscali.it
----------------------------------------
Keine Einträge vom Typ AAAA


tgiscali.it
----------------------------------------
Eintragsname . . . . . : tgiscali.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


tgiscali.it
----------------------------------------
Keine Einträge vom Typ AAAA


spyiblock.com
----------------------------------------
Eintragsname . . . . . : spyiblock.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


spyiblock.com
----------------------------------------
Keine Einträge vom Typ AAAA


www.smart-antivirus2009.com
----------------------------------------
Eintragsname . . . . . : www.smart-antivirus2009.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


www.smart-antivirus2009.com
----------------------------------------
Keine Einträge vom Typ AAAA


sef516.greatbahamas.com
----------------------------------------
Eintragsname . . . . . : sef516.greatbahamas.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


sef516.greatbahamas.com
----------------------------------------
Keine Einträge vom Typ AAAA


securitybulletin.net
----------------------------------------
Eintragsname . . . . . : securitybulletin.net
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


securitybulletin.net
----------------------------------------
Keine Einträge vom Typ AAAA


searchbee.net
----------------------------------------
Eintragsname . . . . . : searchbee.net
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


searchbee.net
----------------------------------------
Keine Einträge vom Typ AAAA


rossoallice.it
----------------------------------------
Eintragsname . . . . . : rossoallice.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


rossoallice.it
----------------------------------------
Keine Einträge vom Typ AAAA


rossoalicce.it
----------------------------------------
Eintragsname . . . . . : rossoalicce.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


rossoalicce.it
----------------------------------------
Keine Einträge vom Typ AAAA


www.ridewash.com
----------------------------------------
Eintragsname . . . . . : www.ridewash.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


www.ridewash.com
----------------------------------------
Keine Einträge vom Typ AAAA


www.repubnlica.it
----------------------------------------
Eintragsname . . . . . : www.repubnlica.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


www.repubnlica.it
----------------------------------------
Keine Einträge vom Typ AAAA


www.q36.cn
----------------------------------------
Eintragsname . . . . . : www.q36.cn
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


www.q36.cn
----------------------------------------
Keine Einträge vom Typ AAAA


picsofseductiveladies.com
----------------------------------------
Eintragsname . . . . . : picsofseductiveladies.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


picsofseductiveladies.com
----------------------------------------
Keine Einträge vom Typ AAAA


www.pflanzen-heute.com
----------------------------------------
Eintragsname . . . . . : www.pflanzen-heute.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


www.pflanzen-heute.com
----------------------------------------
Keine Einträge vom Typ AAAA


www.pc-antispy.com
----------------------------------------
Eintragsname . . . . . : www.pc-antispy.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


www.pc-antispy.com
----------------------------------------
Keine Einträge vom Typ AAAA


www.netpspmovies.com
----------------------------------------
Eintragsname . . . . . : www.netpspmovies.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X


www.netpspmovies.com
----------------------------------------
Keine Einträge vom Typ AAAA



Also, please find the needed logs below:

OTL:
OTL logfile created on: 02.11.2009 23:17:12 - Run 1
OTL by OldTimer - Version 3.1.3.1 Folder = C:\Users\HRP\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,61% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,15 Gb Total Space | 55,25 Gb Free Space | 38,87% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 80,09 Gb Free Space | 56,03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 3,73 Gb Total Space | 1,54 Gb Free Space | 41,37% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: HRP-PC
Current User Name: HRP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009.11.02 23:04:38 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\HRP\Downloads\OTL.exe
PRC - [2009.11.01 12:47:48 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.10.29 17:09:17 | 00,080,936 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2009.10.01 17:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Programme\a-squared Free\a2service.exe
PRC - [2009.07.31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jusched.exe
PRC - [2009.07.01 15:30:05 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\AutoUpdate\ALMon.exe
PRC - [2009.07.01 15:30:05 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe
PRC - [2009.06.10 14:22:22 | 00,334,224 | ---- | M] (The Eraser Project) -- C:\Programme\Eraser\Eraser.exe
PRC - [2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.28 00:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009.03.05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.08.21 11:04:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008.08.19 11:26:00 | 06,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.29 17:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 17:52:50 | 00,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.06.13 11:17:38 | 00,241,734 | ---- | M] () -- C:\Programme\CyberLink\Shared Files\RichVideo.exe
PRC - [2008.06.02 09:26:38 | 00,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008.06.02 09:26:22 | 00,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008.06.02 09:25:40 | 00,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.05.20 17:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008.01.21 03:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008.01.21 03:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008.01.21 03:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007.01.17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Common Files\LightScribe\LSSrvc.exe
PRC - [2007.01.01 22:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Users\HRP\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2009.11.02 23:04:38 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\HRP\Downloads\OTL.exe
MOD - [2009.04.11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (ose)
SRV - File not found -- -- (odserv)
SRV - [2009.10.29 17:09:17 | 00,080,936 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009.10.01 17:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009.07.01 15:30:05 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009.03.30 05:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.28 00:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009.02.18 19:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009.02.18 19:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.02.18 19:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009.01.26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.08.21 11:04:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008.07.29 17:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.06.13 11:17:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo)
SRV - [2008.06.02 09:25:40 | 00,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.20 17:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.04.25 20:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008.04.25 20:36:02 | 00,131,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008.03.03 12:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008.01.21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008.01.21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.11.02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006.11.02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Maps Deutschland - Sat."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.mx/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.0
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000005
FF - prefs.js..extensions.enabledItems: {BB080420-8088-F650-3D47-13799CCD6159}:1.32
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.14
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.1
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..network.proxy.http: "www-cache.ub.uni-heidelberg.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks_version: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.06.24 10:41:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.01 12:47:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.01 12:47:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.08.21 00:12:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.08.09 10:30:46 | 00,000,000 | ---D | M]

[2009.10.28 22:01:54 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\[email protected]
[2009.05.22 21:12:54 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\[email protected]
[2009.08.14 19:07:15 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\[email protected]
[2009.03.25 22:47:33 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\[email protected]
[2009.11.01 13:03:28 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\[email protected]
[2009.03.25 22:47:35 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009.07.02 00:27:15 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009.05.02 19:08:17 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.08.18 05:16:20 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{BB080420-8088-F650-3D47-13799CCD6159}
[2009.03.25 22:47:35 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2009.10.09 23:08:08 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.08.04 20:42:38 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2009.03.25 22:47:29 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.06.04 17:27:26 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009.10.29 21:52:23 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.09.24 18:25:56 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009.07.08 21:00:11 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009.10.15 21:59:37 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009.09.15 20:35:46 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2009.06.25 19:41:42 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.02 23:01:48 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions
[2009.07.14 18:34:10 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Extensions\[email protected]
[2009.03.21 17:34:53 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.07.14 18:34:10 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Extensions
[2009.11.01 17:43:27 | 00,001,851 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\4chan-rapidshares.xml
[2009.11.01 17:43:27 | 00,001,457 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\freetranslation-de-en.xml
[2009.11.01 17:43:27 | 00,001,457 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\freetranslation-en-de.xml
[2009.11.01 17:43:27 | 00,001,459 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\freetranslation-eng-es.xml
[2009.11.01 17:43:27 | 00,001,459 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\freetranslation-es-eng.xml
[2009.11.01 17:43:27 | 00,002,234 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\google-maps-deutschland---sat.xml
[2009.03.31 21:01:48 | 00,001,620 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\mozilla-add-ons.xml
[2009.11.01 17:43:27 | 00,001,953 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\mycroft-project.xml
[2009.10.20 20:58:31 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.08.28 22:59:53 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.04.05 19:31:28 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.11.01 12:47:55 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.10.20 20:58:31 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.01 12:47:47 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.11.01 12:47:47 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.05.01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\libdivx.dll
[2007.04.10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
[2009.07.31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2006.02.17 15:59:08 | 00,528,896 | ---- | M] (DivX,Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
[2009.05.18 23:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009.11.01 12:47:49 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2007.05.02 05:44:29 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2009.05.01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\ssldivx.dll
[2009.11.01 12:47:50 | 00,001,534 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\creativecommons.xml
[2009.11.01 12:47:50 | 00,003,996 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\drae.xml
[2009.11.01 12:47:50 | 00,000,751 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-es.xml
[2009.11.01 12:47:50 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.11.01 12:47:50 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2009.11.01 12:47:50 | 00,000,798 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: (348946 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11965 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [Google Update] C:\Users\HRP\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\HRP\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUpldes-mx.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.04.17 00:01:20 | 00,000,085 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 03:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009.11.02 22:45:27 | 00,000,000 | ---D | C] -- C:\Programme\ERUNT
[2009.11.02 22:37:00 | 00,000,000 | ---D | C] -- C:\Users\HRP\AppData\Local\temp
[2009.11.02 22:18:46 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009.11.02 22:18:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009.11.02 22:18:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009.11.02 22:18:43 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009.11.02 22:16:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.11.02 21:22:15 | 00,000,000 | ---D | C] -- C:\Users\HRP\Documents\a-squared Free
[2009.11.02 21:22:15 | 00,000,000 | ---D | C] -- C:\Programme\a-squared Free
[2009.11.02 20:55:08 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.01 19:44:53 | 00,000,000 | ---D | C] -- C:\Programme\winks
[2009.10.29 21:58:52 | 00,000,000 | ---D | C] -- C:\Users\HRP\Desktop\David Sylvian & Robert Fripp - Damage (1994) (Live)
[2009.10.25 19:30:14 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2009.10.25 12:17:59 | 00,307,088 | ---- | C] (-) -- C:\Windows\System32\Eraser.dll
[2009.10.25 12:17:59 | 00,083,344 | ---- | C] (-) -- C:\Windows\System32\Erasext.dll
[2009.10.25 12:17:59 | 00,073,104 | ---- | C] (-) -- C:\Windows\System32\Eraserl.exe
[2009.10.25 12:17:59 | 00,000,000 | ---D | C] -- C:\Programme\Eraser
[2008.10.28 11:31:49 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 14 Days ==========

[2009.11.02 23:16:53 | 07,340,032 | ---- | M] () -- C:\Users\HRP\NTUSER.DAT
[2009.11.02 23:05:34 | 01,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.02 23:05:34 | 00,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.02 23:05:34 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.02 23:05:34 | 00,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.02 23:05:34 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.02 22:59:38 | 08,405,015 | ---- | M] () -- C:\Windows\TempFile
[2009.11.02 22:59:38 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009.11.02 22:59:21 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.11.02 22:59:17 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.11.02 22:59:17 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.11.02 22:59:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.11.02 22:53:24 | 00,524,288 | -HS- | M] () -- C:\Users\HRP\NTUSER.DAT{8fb236e1-3df0-11de-9448-0021972e303d}.TMContainer00000000000000000001.regtrans-ms
[2009.11.02 22:53:24 | 00,065,536 | -HS- | M] () -- C:\Users\HRP\NTUSER.DAT{8fb236e1-3df0-11de-9448-0021972e303d}.TM.blf
[2009.11.02 22:53:20 | 03,250,349 | -H-- | M] () -- C:\Users\HRP\AppData\Local\IconCache.db
[2009.11.02 22:48:19 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009.11.02 22:46:59 | 00,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1721380331-4204598253-2394454005-1006UA.job
[2009.11.02 22:34:13 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009.11.02 21:55:00 | 00,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1721380331-4204598253-2394454005-1000UA.job
[2009.11.02 21:12:18 | 00,000,068 | ---- | M] () -- C:\Users\HRP\Documents\cleartraces.bat
[2009.11.02 21:09:51 | 00,000,569 | ---- | M] () -- C:\Users\HRP\Desktop\cleartraces.lnk
[2009.11.02 14:55:00 | 00,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1721380331-4204598253-2394454005-1000Core.job
[2009.11.02 00:47:00 | 00,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1721380331-4204598253-2394454005-1006Core.job
[2009.11.01 17:13:20 | 00,348,946 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009.11.01 12:47:52 | 00,348,946 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091101-171320.backup
[2009.10.31 17:20:20 | 00,112,640 | ---- | M] () -- C:\Users\HRP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.27 21:21:22 | 00,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[2009.10.26 16:44:58 | 00,000,051 | ---- | M] () -- C:\Windows\System32\1256571898.(null)
[2009.10.26 16:29:32 | 00,094,633 | ---- | M] () -- C:\Users\HRP\Desktop\toto.jpg
[2009.10.25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009.10.24 02:50:02 | 00,000,107 | ---- | M] () -- C:\Windows\System32\1256349002.(null)

========== Files Created - No Company Name ==========

[2009.11.02 22:48:19 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009.11.02 22:18:46 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009.11.02 22:18:45 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009.11.02 22:18:44 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.11.02 22:18:44 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.11.02 22:18:44 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.11.02 21:09:36 | 00,000,569 | ---- | C] () -- C:\Users\HRP\Desktop\cleartraces.lnk
[2009.11.02 21:03:57 | 00,000,068 | ---- | C] () -- C:\Users\HRP\Documents\cleartraces.bat
[2009.10.26 16:44:58 | 00,000,051 | ---- | C] () -- C:\Windows\System32\1256571898.(null)
[2009.10.25 20:37:15 | 00,094,633 | ---- | C] () -- C:\Users\HRP\Desktop\toto.jpg
[2009.10.24 02:50:02 | 00,000,107 | ---- | C] () -- C:\Windows\System32\1256349002.(null)
[2009.09.17 05:22:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.28 23:15:50 | 00,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.08.08 01:30:07 | 00,082,784 | ---- | C] () -- C:\Users\HRP\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009.08.03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.05 23:14:28 | 00,000,766 | ---- | C] () -- C:\Program Files\PCT.exe.lnk
[2009.06.05 23:14:28 | 00,000,615 | ---- | C] () -- C:\Program Files\Chessimo.lnk
[2009.06.03 04:54:14 | 00,000,038 | ---- | C] () -- C:\Windows\ChssBase.ini
[2009.04.21 20:06:15 | 00,000,030 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2009.04.19 13:41:27 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.04.13 21:41:57 | 00,000,122 | ---- | C] () -- C:\Windows\wininit.ini
[2009.04.09 06:37:42 | 00,872,507 | ---- | C] () -- C:\Windows\System32\mesa.dll
[2009.04.06 22:37:02 | 00,027,520 | ---- | C] () -- C:\Windows\System32\drivers\RTWTKRNL.sys
[2009.04.06 21:33:21 | 00,000,000 | ---- | C] () -- C:\Windows\System32\WNASPI32.DLL.BAK
[2009.04.06 21:33:21 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\ASPI32.SYS.BAK
[2009.04.06 21:31:18 | 00,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2009.04.06 21:20:19 | 00,000,157 | ---- | C] () -- C:\Windows\matlab.ini
[2009.03.22 04:02:15 | 00,112,640 | ---- | C] () -- C:\Users\HRP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.21 18:53:01 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.03.21 17:41:55 | 03,250,349 | -H-- | C] () -- C:\Users\HRP\AppData\Local\IconCache.db
[2009.03.21 16:58:31 | 00,083,240 | ---- | C] () -- C:\Users\HRP\AppData\Local\GDIPFONTCACHEV1.DAT
[2008.10.28 03:18:39 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2007.06.03 19:31:28 | 00,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.06 01:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006.11.02 13:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006.11.02 13:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 13:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:23:31 | 00,000,319 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 11:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.10 02:32:16 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006.10.10 02:32:16 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2006.10.10 02:28:35 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2006.10.10 02:28:35 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2006.02.25 19:12:34 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.02.25 19:09:38 | 00,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001.12.26 15:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008.10.28 03:31:38 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\Acer GameZone Console
[2009.06.03 04:55:19 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\ChessBase
[2009.08.28 23:15:43 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\Corel
[2009.05.25 21:13:35 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\eSobi
[2009.03.29 09:25:46 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\IrfanView
[2009.03.27 00:51:06 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\NASA
[2009.04.05 21:00:17 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\Opera
[2009.04.02 20:09:04 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\streamripper
[2009.08.03 08:31:13 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\Thinstall
[2009.03.26 19:20:34 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\Thunderbird
[2009.07.14 18:34:09 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\TomTom
[2009.03.27 02:08:07 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\virtualmoon
[2009.11.02 22:59:21 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009.11.02 22:53:23 | 00,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[1999.10.02 11:24:46 | 00,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Programme\MATLAB\R2007a\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2008.01.21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006.11.02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\HRP\Desktop\video.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\HRP\Desktop\natacion.avi:TOC.WMV
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4F636E25
< End of report >

OTL Extras logfile created on: 02.11.2009 23:17:12 - Run 1
OTL by OldTimer - Version 3.1.3.1 Folder = C:\Users\HRP\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,61% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,15 Gb Total Space | 55,25 Gb Free Space | 38,87% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 80,09 Gb Free Space | 56,03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 3,73 Gb Total Space | 1,54 Gb Free Space | 41,37% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: HRP-PC
Current User Name: HRP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13884D82-BF91-4992-905D-9F56F1078666}" = lport=137 | protocol=17 | dir=in | app=system |
"{3A89FE31-1F8F-4112-AA4F-F5C6C8E80758}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EEF1272-1E6F-463C-9DD7-62831BBF8232}" = lport=445 | protocol=6 | dir=in | app=system |
"{42CAB28C-FA0A-4F79-A82D-58B2CC13C063}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63B12FF0-7360-4B42-9414-BD2F6A8FA08E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C8B5601-875A-4A04-A281-F33A7E9DF56C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C762399-2861-4AEB-80DC-4A123C8E4393}" = rport=445 | protocol=6 | dir=out | app=system |
"{92788A4B-33B5-4C27-849E-AB7E61A3646C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{97EFE13C-DF9B-44C6-B559-23CF9AA3A215}" = rport=139 | protocol=6 | dir=out | app=system |
"{A5C69872-3C31-44BA-84BB-BDD47870C9B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA598F71-67D2-4419-AA70-66BF395FDC74}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BA872DA4-3405-47A1-B5DC-0925F9D69D37}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA2E299F-219C-4A99-986D-0B8E15DF3C4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBB61F2D-FA4E-4505-9A6D-4D995A3C2645}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6185B34-E83C-4ACE-B2D9-A6C1FF371976}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1B23B26-2CFA-4355-96B6-59D5888AEB11}" = rport=138 | protocol=17 | dir=out | app=system |
"{E3671C9B-A2CD-4F95-A72D-67A0043ADA09}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E8F1938B-A617-4952-B335-A307876778E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF7B4D4B-8FED-4BA2-A6AF-78C53F22FE61}" = lport=139 | protocol=6 | dir=in | app=system |
"{F100149C-AF1B-40B4-9C61-EF20F37FCB31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FFB1CB65-6EBD-4A97-B71D-EBF8F5461186}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01111B72-1050-4E28-BA23-DE0F6E8B0649}" = protocol=58 | dir=out | [email protected],-28546 |
"{019E7658-3B0E-4DF2-930C-2A9274F013B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{02EB46A6-874A-49EE-8E9D-F5DF8F71B0DD}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{0B77CA0E-73E3-42A7-81AA-6E571083200D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{0EFF8208-8540-48EA-BBD3-B7CB7F62BF24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10DEA36A-A6F0-4568-884F-645E251C3DE6}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{13F8DDAC-5E9F-4C2F-83D6-1A95509FCD0F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{1B2957B2-057F-4035-A928-2AF3A9EF4B9D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{286FDB5E-A787-4CEC-B4EA-F875577FC057}" = protocol=58 | dir=in | [email protected],-28545 |
"{391A472E-9D29-49FB-A09E-EE724D0F15AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3976701B-C292-45D3-9D48-1E81364F7947}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{3EE8CB0A-9C4C-4900-BDE4-D2328EFEBC88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43651FB3-98FD-4678-8930-4EA7DE9AD1C9}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{4B752729-26A8-43CA-94F6-AE8D20FED741}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5558548C-2788-4D7B-9814-157A4F660312}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{5C9C204F-1256-4DA9-9CBC-42577EC48660}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6376ABB3-DC46-455B-B3B2-8B8F6D05C409}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F668880-84C9-46C0-8A98-66B9E4BAA321}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7285CAEC-E7AE-45AF-B8B8-3D5E240DC5F1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{731057D2-B45B-4969-93B2-1155798CC3AB}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{885E3167-D530-4379-A08E-180A82E75359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D6EE5A1-7758-4668-B398-7193F1FB796D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9C853D9E-4548-468E-901B-BD48326429F5}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{A07224C4-ED82-44FA-A857-B017FDF756E3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{AA65C8E3-C18E-4143-B74E-710F601B4F93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4DD9959-42D2-4C03-80EE-31CC48E85113}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC493AB9-26D3-4405-B539-0C56DBC19A91}" = protocol=1 | dir=out | [email protected],-28544 |
"{CB445F8C-2960-4CDF-A6CC-6FE74DB11E45}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D03357EE-B605-4380-80EF-C2B3235848AB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D3AB8735-8CE3-47AC-BD1E-B929CDFAD72A}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{DE925D0B-1FD0-4C8B-A9BE-42D02174DCC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E35E0AE6-1700-4EF1-AE65-09A3532F092B}" = protocol=1 | dir=in | [email protected],-28543 |
"{EAB35C71-FA13-4FEF-B829-E6BAEBD18263}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{EBF5276E-8A6A-40D0-9172-5FD639E19B4E}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{ED8B4D6E-B15D-463B-B08C-F449E6E14876}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFDF4826-FA45-4518-B474-4F0E9EB70848}" = protocol=6 | dir=out | app=system |
"TCP Query User{0D95A3F6-4771-43DF-A57A-C99BFB5289FB}C:\program files\winks\ig.exe" = protocol=6 | dir=in | app=c:\program files\winks\ig.exe |
"TCP Query User{212080CE-796F-47F3-9313-7E0C247C9600}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2592CBAC-107C-4CD8-B02C-FA6EB13032B2}C:\users\goldis\desktop\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe" = protocol=6 | dir=in | app=c:\users\goldis\desktop\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe |
"TCP Query User{2C2EC8D8-C9BC-49A8-A435-D35915C1E22F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{916ED3C1-6DAA-4234-8515-38E76E571DA5}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{A97C897B-401C-429E-B06E-676E1A9610FF}\\hrp-data\myshare\backup lab\romo-parra\download\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe" = protocol=6 | dir=in | app=\\hrp-data\myshare\backup lab\romo-parra\download\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe |
"UDP Query User{172816CA-88BC-4EF2-B0ED-F041D5030B15}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{3380982F-CBE3-408B-8662-092317F9CB59}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9CF5C04F-2454-4CE6-B1A4-3D2B4456B335}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C85A5ACC-AA27-409A-A27F-BBD793216E0E}\\hrp-data\myshare\backup lab\romo-parra\download\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe" = protocol=17 | dir=in | app=\\hrp-data\myshare\backup lab\romo-parra\download\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe |
"UDP Query User{CEC883F0-5B2C-4575-BB20-861E7CF465BB}C:\users\goldis\desktop\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe" = protocol=17 | dir=in | app=c:\users\goldis\desktop\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe |
"UDP Query User{D598CCB7-8C00-46B2-A06C-95FEADA4EF24}C:\program files\winks\ig.exe" = protocol=17 | dir=in | app=c:\program files\winks\ig.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 16
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1" = Virtual Moon Atlas Pro 4.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F0F01E5-A98F-4744-85AE-3375318C452D}" = Fritz11
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90280C0A-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{BC14F40D-7C13-4F3A-9F4A-3835D7642036}" = PE585QAEncoder-32
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CED3B64B-9381-4AB8-A213-6C084C952E43}" = Zamzom Wireless
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6FE40C1-790D-4684-AF45-E468EC1E6E27}" = Chessimo 3.02
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F245E2B9-58F8-48CC-8526-A0CB8DE1512B}" = Axon pCLAMP 9.2
"{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 4.5
"AutoItv3" = AutoIt v3.3.0.0
"AviSynth" = AviSynth 2.5
"BeatScanner 1.41_is1" = BeatScanner 1.41
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"FormatFactory" = FormatFactory 2.10
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.5
"HijackThis" = HijackThis 2.0.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"IrfanView" = IrfanView (remove only)
"Jetcast" = Jetcast 3.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007a" = MATLAB R2007a
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiniAnalysis" = MiniAnalysis
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NASA World Wind 1.4" = NASA World Wind 1.4
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Streamripper" = Streamripper (Remove only)
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"WinX DVD Ripper_is1" = WinX DVD Ripper 4.1.2
"Wubi" = Ubuntu

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.10.2009 11:37:15 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 29.10.2009 11:47:06 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 29.10.2009 11:51:15 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 29.10.2009 11:53:58 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 29.10.2009 12:09:34 | Computer Name = HRP-PC | Source = MsiInstaller | ID = 1002
Description =

Error - 29.10.2009 12:09:59 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 29.10.2009 14:37:54 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 29.10.2009 15:13:54 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 29.10.2009 15:26:17 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 29.10.2009 16:34:57 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =

[ System Events ]
Error - 02.11.2009 18:07:24 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...ds\RootRepeal.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08dafcef6b]).

Error - 02.11.2009 18:07:24 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08da5fec1b]).

Error - 02.11.2009 18:07:26 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08db61568b]).

Error - 02.11.2009 18:07:26 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08db8b9adb]).

Error - 02.11.2009 18:07:28 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08dca39a8b]).

Error - 02.11.2009 18:07:28 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08dca39a8b]).

Error - 02.11.2009 18:07:30 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08ddc07c3b]).

Error - 02.11.2009 18:07:30 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08ddc9f21b]).

Error - 02.11.2009 18:07:30 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08ddc44ccb]).

Error - 02.11.2009 18:07:30 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08ddd1451b]).


< End of report >


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/02 23:03
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8F3F4000 Size: 40960 File Visible: No Signed: -
Status: -

Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x837CD000 Size: 147456 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA6167000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1172 Status: Locked to the Windows API!

==EOF==

Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3089
Windows 6.0.6002 Service Pack 2

02.11.2009 23:26:18
mbam-log-2009-11-02 (23-26-18).txt

Tipo de examen : Examen Rápido
Objetos examinados: 109429
Tiempo transcurrido: 3 minute(s), 3 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

Edited by hrparra, 03 November 2009 - 10:37 AM.
