Could you be so kind as to help me fix my computer? Today I noticed that many strange addresses that I have never visited appear in my DNS cache (ipconfig /displaydns). I tried to flush them (ipconfig /flushdns); there was no error and they seemed to be deleted, but when I checked again the addresses were still there. I guess that I have some kind of malware that is connecting to those web pages. I followed the steps suggested by the admin (Malware and Spyware Cleaning Guide), but the problem persists. I also tried Spybot, and it did not find anything strange. However, when I tried to get into Documents and Settings, access was blocked. I don't want to lose information or send private information to third parties.
Thank you very much in advance.
Edit: I am adding what displaydns shows me:
Eintragsname . . . . . : vorriere.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
vorriere.it
----------------------------------------
Keine Einträge vom Typ AAAA
ueorn-rsztriv.com
----------------------------------------
Eintragsname . . . . . : ueorn-rsztriv.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
ueorn-rsztriv.com
----------------------------------------
Keine Einträge vom Typ AAAA
www.turismoaq.it
----------------------------------------
Eintragsname . . . . . : www.turismoaq.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
www.turismoaq.it
----------------------------------------
Keine Einträge vom Typ AAAA
www.topbrowsing.com
----------------------------------------
Eintragsname . . . . . : www.topbrowsing.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
www.topbrowsing.com
----------------------------------------
Keine Einträge vom Typ AAAA
tiuscali.it
----------------------------------------
Eintragsname . . . . . : tiuscali.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
tiuscali.it
----------------------------------------
Keine Einträge vom Typ AAAA
tgiscali.it
----------------------------------------
Eintragsname . . . . . : tgiscali.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
tgiscali.it
----------------------------------------
Keine Einträge vom Typ AAAA
spyiblock.com
----------------------------------------
Eintragsname . . . . . : spyiblock.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
spyiblock.com
----------------------------------------
Keine Einträge vom Typ AAAA
www.smart-antivirus2009.com
----------------------------------------
Eintragsname . . . . . : www.smart-antivirus2009.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
www.smart-antivirus2009.com
----------------------------------------
Keine Einträge vom Typ AAAA
sef516.greatbahamas.com
----------------------------------------
Eintragsname . . . . . : sef516.greatbahamas.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
sef516.greatbahamas.com
----------------------------------------
Keine Einträge vom Typ AAAA
securitybulletin.net
----------------------------------------
Eintragsname . . . . . : securitybulletin.net
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
securitybulletin.net
----------------------------------------
Keine Einträge vom Typ AAAA
searchbee.net
----------------------------------------
Eintragsname . . . . . : searchbee.net
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
searchbee.net
----------------------------------------
Keine Einträge vom Typ AAAA
rossoallice.it
----------------------------------------
Eintragsname . . . . . : rossoallice.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
rossoallice.it
----------------------------------------
Keine Einträge vom Typ AAAA
rossoalicce.it
----------------------------------------
Eintragsname . . . . . : rossoalicce.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
rossoalicce.it
----------------------------------------
Keine Einträge vom Typ AAAA
www.ridewash.com
----------------------------------------
Eintragsname . . . . . : www.ridewash.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
www.ridewash.com
----------------------------------------
Keine Einträge vom Typ AAAA
www.repubnlica.it
----------------------------------------
Eintragsname . . . . . : www.repubnlica.it
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
www.repubnlica.it
----------------------------------------
Keine Einträge vom Typ AAAA
www.q36.cn
----------------------------------------
Eintragsname . . . . . : www.q36.cn
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
www.q36.cn
----------------------------------------
Keine Einträge vom Typ AAAA
picsofseductiveladies.com
----------------------------------------
Eintragsname . . . . . : picsofseductiveladies.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
picsofseductiveladies.com
----------------------------------------
Keine Einträge vom Typ AAAA
www.pflanzen-heute.com
----------------------------------------
Eintragsname . . . . . : www.pflanzen-heute.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
www.pflanzen-heute.com
----------------------------------------
Keine Einträge vom Typ AAAA
www.pc-antispy.com
----------------------------------------
Eintragsname . . . . . : www.pc-antispy.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
www.pc-antispy.com
----------------------------------------
Keine Einträge vom Typ AAAA
www.netpspmovies.com
----------------------------------------
Eintragsname . . . . . : www.netpspmovies.com
Eintragstyp . . . . . : 1
Gültigkeitsdauer . . . : 86400
Datenlänge . . . . . . : 4
Abschnitt. . . . . . . : Antwort
(Host-)A-Eintrag . . : XXX.X.X.X
www.netpspmovies.com
----------------------------------------
Keine Einträge vom Typ AAAA
Also, please find the needed logs below:
OTL:
OTL logfile created on: 02.11.2009 23:17:12 - Run 1
OTL by OldTimer - Version 3.1.3.1 Folder = C:\Users\HRP\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,61% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,15 Gb Total Space | 55,25 Gb Free Space | 38,87% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 80,09 Gb Free Space | 56,03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 3,73 Gb Total Space | 1,54 Gb Free Space | 41,37% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: HRP-PC
Current User Name: HRP
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009.11.02 23:04:38 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\HRP\Downloads\OTL.exe
PRC - [2009.11.01 12:47:48 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.10.29 17:09:17 | 00,080,936 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2009.10.01 17:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Programme\a-squared Free\a2service.exe
PRC - [2009.07.31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jusched.exe
PRC - [2009.07.01 15:30:05 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\AutoUpdate\ALMon.exe
PRC - [2009.07.01 15:30:05 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe
PRC - [2009.06.10 14:22:22 | 00,334,224 | ---- | M] (The Eraser Project) -- C:\Programme\Eraser\Eraser.exe
PRC - [2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.28 00:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009.03.05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.08.21 11:04:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008.08.19 11:26:00 | 06,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.29 17:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 17:52:50 | 00,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.06.13 11:17:38 | 00,241,734 | ---- | M] () -- C:\Programme\CyberLink\Shared Files\RichVideo.exe
PRC - [2008.06.02 09:26:38 | 00,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008.06.02 09:26:22 | 00,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008.06.02 09:25:40 | 00,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.05.20 17:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008.01.21 03:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008.01.21 03:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008.01.21 03:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007.01.17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Common Files\LightScribe\LSSrvc.exe
PRC - [2007.01.01 22:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Users\HRP\AppData\Roaming\Google\Google Talk\googletalk.exe
========== Modules (SafeList) ==========
MOD - [2009.11.02 23:04:38 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\HRP\Downloads\OTL.exe
MOD - [2009.04.11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (ose)
SRV - File not found -- -- (odserv)
SRV - [2009.10.29 17:09:17 | 00,080,936 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009.10.01 17:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009.07.01 15:30:05 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009.03.30 05:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.28 00:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009.02.18 19:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009.02.18 19:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.02.18 19:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009.01.26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.08.21 11:04:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008.07.29 17:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.06.13 11:17:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo)
SRV - [2008.06.02 09:25:40 | 00,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.20 17:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.04.25 20:36:20 | 00,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008.04.25 20:36:02 | 00,131,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008.03.03 12:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008.01.21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008.01.21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.11.02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006.11.02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google Maps Deutschland - Sat."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.mx/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.0
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000005
FF - prefs.js..extensions.enabledItems: {BB080420-8088-F650-3D47-13799CCD6159}:1.32
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.14
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.1
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.7
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..network.proxy.http: "www-cache.ub.uni-heidelberg.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks_version: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.06.24 10:41:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.01 12:47:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.01 12:47:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.08.21 00:12:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.08.09 10:30:46 | 00,000,000 | ---D | M]
[2009.10.28 22:01:54 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\TFToolbarX@torrent-finder
[2009.05.22 21:12:54 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\[email protected]
[2009.08.14 19:07:15 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\[email protected]
[2009.03.25 22:47:33 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\[email protected]
[2009.11.01 13:03:28 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\[email protected]
[2009.03.25 22:47:35 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009.07.02 00:27:15 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009.05.02 19:08:17 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.08.18 05:16:20 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{BB080420-8088-F650-3D47-13799CCD6159}
[2009.03.25 22:47:35 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2009.10.09 23:08:08 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.08.04 20:42:38 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2009.03.25 22:47:29 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.06.04 17:27:26 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009.10.29 21:52:23 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.09.24 18:25:56 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009.07.08 21:00:11 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009.10.15 21:59:37 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009.09.15 20:35:46 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2009.06.25 19:41:42 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.02 23:01:48 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Firefox\Profiles\zcdby67b.default\extensions
[2009.07.14 18:34:10 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Extensions\[email protected]
[2009.03.21 17:34:53 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.07.14 18:34:10 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\mozilla\Extensions
[2009.11.01 17:43:27 | 00,001,851 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\4chan-rapidshares.xml
[2009.11.01 17:43:27 | 00,001,457 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\freetranslation-de-en.xml
[2009.11.01 17:43:27 | 00,001,457 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\freetranslation-en-de.xml
[2009.11.01 17:43:27 | 00,001,459 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\freetranslation-eng-es.xml
[2009.11.01 17:43:27 | 00,001,459 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\freetranslation-es-eng.xml
[2009.11.01 17:43:27 | 00,002,234 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\google-maps-deutschland---sat.xml
[2009.03.31 21:01:48 | 00,001,620 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\mozilla-add-ons.xml
[2009.11.01 17:43:27 | 00,001,953 | ---- | M] () -- C:\Users\HRP\AppData\Roaming\Mozilla\FireFox\Profiles\zcdby67b.default\searchplugins\mycroft-project.xml
[2009.10.20 20:58:31 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.08.28 22:59:53 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.04.05 19:31:28 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.11.01 12:47:55 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.10.20 20:58:31 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.01 12:47:47 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.11.01 12:47:47 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.05.01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\libdivx.dll
[2007.04.10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
[2009.07.31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2006.02.17 15:59:08 | 00,528,896 | ---- | M] (DivX,Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
[2009.05.18 23:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009.11.01 12:47:49 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2007.05.02 05:44:29 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2009.05.01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\ssldivx.dll
[2009.11.01 12:47:50 | 00,001,534 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\creativecommons.xml
[2009.11.01 12:47:50 | 00,003,996 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\drae.xml
[2009.11.01 12:47:50 | 00,000,751 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-es.xml
[2009.11.01 12:47:50 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.11.01 12:47:50 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2009.11.01 12:47:50 | 00,000,798 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-es.xml
O1 HOSTS File: (348946 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11965 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [Google Update] C:\Users\HRP\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\HRP\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUpldes-mx.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.04.17 00:01:20 | 00,000,085 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 03:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 14 Days ==========
[2009.11.02 22:45:27 | 00,000,000 | ---D | C] -- C:\Programme\ERUNT
[2009.11.02 22:37:00 | 00,000,000 | ---D | C] -- C:\Users\HRP\AppData\Local\temp
[2009.11.02 22:18:46 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009.11.02 22:18:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009.11.02 22:18:43 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009.11.02 22:18:43 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009.11.02 22:16:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.11.02 21:22:15 | 00,000,000 | ---D | C] -- C:\Users\HRP\Documents\a-squared Free
[2009.11.02 21:22:15 | 00,000,000 | ---D | C] -- C:\Programme\a-squared Free
[2009.11.02 20:55:08 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.01 19:44:53 | 00,000,000 | ---D | C] -- C:\Programme\winks
[2009.10.29 21:58:52 | 00,000,000 | ---D | C] -- C:\Users\HRP\Desktop\David Sylvian & Robert Fripp - Damage (1994) (Live)
[2009.10.25 19:30:14 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2009.10.25 12:17:59 | 00,307,088 | ---- | C] (-) -- C:\Windows\System32\Eraser.dll
[2009.10.25 12:17:59 | 00,083,344 | ---- | C] (-) -- C:\Windows\System32\Erasext.dll
[2009.10.25 12:17:59 | 00,073,104 | ---- | C] (-) -- C:\Windows\System32\Eraserl.exe
[2009.10.25 12:17:59 | 00,000,000 | ---D | C] -- C:\Programme\Eraser
[2008.10.28 11:31:49 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 14 Days ==========
[2009.11.02 23:16:53 | 07,340,032 | ---- | M] () -- C:\Users\HRP\NTUSER.DAT
[2009.11.02 23:05:34 | 01,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.02 23:05:34 | 00,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.02 23:05:34 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.02 23:05:34 | 00,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.02 23:05:34 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.02 22:59:38 | 08,405,015 | ---- | M] () -- C:\Windows\TempFile
[2009.11.02 22:59:38 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009.11.02 22:59:21 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.11.02 22:59:17 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.11.02 22:59:17 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.11.02 22:59:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.11.02 22:53:24 | 00,524,288 | -HS- | M] () -- C:\Users\HRP\NTUSER.DAT{8fb236e1-3df0-11de-9448-0021972e303d}.TMContainer00000000000000000001.regtrans-ms
[2009.11.02 22:53:24 | 00,065,536 | -HS- | M] () -- C:\Users\HRP\NTUSER.DAT{8fb236e1-3df0-11de-9448-0021972e303d}.TM.blf
[2009.11.02 22:53:20 | 03,250,349 | -H-- | M] () -- C:\Users\HRP\AppData\Local\IconCache.db
[2009.11.02 22:48:19 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009.11.02 22:46:59 | 00,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1721380331-4204598253-2394454005-1006UA.job
[2009.11.02 22:34:13 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009.11.02 21:55:00 | 00,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1721380331-4204598253-2394454005-1000UA.job
[2009.11.02 21:12:18 | 00,000,068 | ---- | M] () -- C:\Users\HRP\Documents\cleartraces.bat
[2009.11.02 21:09:51 | 00,000,569 | ---- | M] () -- C:\Users\HRP\Desktop\cleartraces.lnk
[2009.11.02 14:55:00 | 00,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1721380331-4204598253-2394454005-1000Core.job
[2009.11.02 00:47:00 | 00,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1721380331-4204598253-2394454005-1006Core.job
[2009.11.01 17:13:20 | 00,348,946 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009.11.01 12:47:52 | 00,348,946 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091101-171320.backup
[2009.10.31 17:20:20 | 00,112,640 | ---- | M] () -- C:\Users\HRP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.27 21:21:22 | 00,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[2009.10.26 16:44:58 | 00,000,051 | ---- | M] () -- C:\Windows\System32\1256571898.(null)
[2009.10.26 16:29:32 | 00,094,633 | ---- | M] () -- C:\Users\HRP\Desktop\toto.jpg
[2009.10.25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009.10.24 02:50:02 | 00,000,107 | ---- | M] () -- C:\Windows\System32\1256349002.(null)
========== Files Created - No Company Name ==========
[2009.11.02 22:48:19 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009.11.02 22:18:46 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009.11.02 22:18:45 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009.11.02 22:18:44 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.11.02 22:18:44 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.11.02 22:18:44 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.11.02 21:09:36 | 00,000,569 | ---- | C] () -- C:\Users\HRP\Desktop\cleartraces.lnk
[2009.11.02 21:03:57 | 00,000,068 | ---- | C] () -- C:\Users\HRP\Documents\cleartraces.bat
[2009.10.26 16:44:58 | 00,000,051 | ---- | C] () -- C:\Windows\System32\1256571898.(null)
[2009.10.25 20:37:15 | 00,094,633 | ---- | C] () -- C:\Users\HRP\Desktop\toto.jpg
[2009.10.24 02:50:02 | 00,000,107 | ---- | C] () -- C:\Windows\System32\1256349002.(null)
[2009.09.17 05:22:30 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.28 23:15:50 | 00,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.08.08 01:30:07 | 00,082,784 | ---- | C] () -- C:\Users\HRP\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009.08.03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.05 23:14:28 | 00,000,766 | ---- | C] () -- C:\Program Files\PCT.exe.lnk
[2009.06.05 23:14:28 | 00,000,615 | ---- | C] () -- C:\Program Files\Chessimo.lnk
[2009.06.03 04:54:14 | 00,000,038 | ---- | C] () -- C:\Windows\ChssBase.ini
[2009.04.21 20:06:15 | 00,000,030 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2009.04.19 13:41:27 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.04.13 21:41:57 | 00,000,122 | ---- | C] () -- C:\Windows\wininit.ini
[2009.04.09 06:37:42 | 00,872,507 | ---- | C] () -- C:\Windows\System32\mesa.dll
[2009.04.06 22:37:02 | 00,027,520 | ---- | C] () -- C:\Windows\System32\drivers\RTWTKRNL.sys
[2009.04.06 21:33:21 | 00,000,000 | ---- | C] () -- C:\Windows\System32\WNASPI32.DLL.BAK
[2009.04.06 21:33:21 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\ASPI32.SYS.BAK
[2009.04.06 21:31:18 | 00,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2009.04.06 21:20:19 | 00,000,157 | ---- | C] () -- C:\Windows\matlab.ini
[2009.03.22 04:02:15 | 00,112,640 | ---- | C] () -- C:\Users\HRP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.21 18:53:01 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.03.21 17:41:55 | 03,250,349 | -H-- | C] () -- C:\Users\HRP\AppData\Local\IconCache.db
[2009.03.21 16:58:31 | 00,083,240 | ---- | C] () -- C:\Users\HRP\AppData\Local\GDIPFONTCACHEV1.DAT
[2008.10.28 03:18:39 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2007.06.03 19:31:28 | 00,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.06 01:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006.11.02 13:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006.11.02 13:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 13:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:23:31 | 00,000,319 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 11:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.10 02:32:16 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006.10.10 02:32:16 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2006.10.10 02:28:35 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2006.10.10 02:28:35 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2006.02.25 19:12:34 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.02.25 19:09:38 | 00,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001.12.26 15:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2008.10.28 03:31:38 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\Acer GameZone Console
[2009.06.03 04:55:19 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\ChessBase
[2009.08.28 23:15:43 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\Corel
[2009.05.25 21:13:35 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\eSobi
[2009.03.29 09:25:46 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\IrfanView
[2009.03.27 00:51:06 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\NASA
[2009.04.05 21:00:17 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\Opera
[2009.04.02 20:09:04 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\streamripper
[2009.08.03 08:31:13 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\Thinstall
[2009.03.26 19:20:34 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\Thunderbird
[2009.07.14 18:34:09 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\TomTom
[2009.03.27 02:08:07 | 00,000,000 | ---D | M] -- C:\Users\HRP\AppData\Roaming\virtualmoon
[2009.11.02 22:59:21 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009.11.02 22:53:23 | 00,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[1999.10.02 11:24:46 | 00,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Programme\MATLAB\R2007a\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2008.01.21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006.11.02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\HRP\Desktop\video.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\HRP\Desktop\natacion.avi:TOC.WMV
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4F636E25
< End of report >

OTL Extras logfile created on: 02.11.2009 23:17:12 - Run 1
OTL by OldTimer - Version 3.1.3.1 Folder = C:\Users\HRP\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,61% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,15 Gb Total Space | 55,25 Gb Free Space | 38,87% Space Free | Partition Type: NTFS
Drive D: | 142,93 Gb Total Space | 80,09 Gb Free Space | 56,03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 3,73 Gb Total Space | 1,54 Gb Free Space | 41,37% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: HRP-PC
Current User Name: HRP
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13884D82-BF91-4992-905D-9F56F1078666}" = lport=137 | protocol=17 | dir=in | app=system |
"{3A89FE31-1F8F-4112-AA4F-F5C6C8E80758}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EEF1272-1E6F-463C-9DD7-62831BBF8232}" = lport=445 | protocol=6 | dir=in | app=system |
"{42CAB28C-FA0A-4F79-A82D-58B2CC13C063}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63B12FF0-7360-4B42-9414-BD2F6A8FA08E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C8B5601-875A-4A04-A281-F33A7E9DF56C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C762399-2861-4AEB-80DC-4A123C8E4393}" = rport=445 | protocol=6 | dir=out | app=system |
"{92788A4B-33B5-4C27-849E-AB7E61A3646C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{97EFE13C-DF9B-44C6-B559-23CF9AA3A215}" = rport=139 | protocol=6 | dir=out | app=system |
"{A5C69872-3C31-44BA-84BB-BDD47870C9B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA598F71-67D2-4419-AA70-66BF395FDC74}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BA872DA4-3405-47A1-B5DC-0925F9D69D37}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA2E299F-219C-4A99-986D-0B8E15DF3C4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBB61F2D-FA4E-4505-9A6D-4D995A3C2645}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6185B34-E83C-4ACE-B2D9-A6C1FF371976}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1B23B26-2CFA-4355-96B6-59D5888AEB11}" = rport=138 | protocol=17 | dir=out | app=system |
"{E3671C9B-A2CD-4F95-A72D-67A0043ADA09}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E8F1938B-A617-4952-B335-A307876778E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF7B4D4B-8FED-4BA2-A6AF-78C53F22FE61}" = lport=139 | protocol=6 | dir=in | app=system |
"{F100149C-AF1B-40B4-9C61-EF20F37FCB31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FFB1CB65-6EBD-4A97-B71D-EBF8F5461186}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01111B72-1050-4E28-BA23-DE0F6E8B0649}" = protocol=58 | dir=out | [email protected],-28546 |
"{019E7658-3B0E-4DF2-930C-2A9274F013B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{02EB46A6-874A-49EE-8E9D-F5DF8F71B0DD}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{0B77CA0E-73E3-42A7-81AA-6E571083200D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{0EFF8208-8540-48EA-BBD3-B7CB7F62BF24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10DEA36A-A6F0-4568-884F-645E251C3DE6}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{13F8DDAC-5E9F-4C2F-83D6-1A95509FCD0F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{1B2957B2-057F-4035-A928-2AF3A9EF4B9D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{286FDB5E-A787-4CEC-B4EA-F875577FC057}" = protocol=58 | dir=in | [email protected],-28545 |
"{391A472E-9D29-49FB-A09E-EE724D0F15AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3976701B-C292-45D3-9D48-1E81364F7947}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{3EE8CB0A-9C4C-4900-BDE4-D2328EFEBC88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43651FB3-98FD-4678-8930-4EA7DE9AD1C9}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{4B752729-26A8-43CA-94F6-AE8D20FED741}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5558548C-2788-4D7B-9814-157A4F660312}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{5C9C204F-1256-4DA9-9CBC-42577EC48660}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6376ABB3-DC46-455B-B3B2-8B8F6D05C409}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F668880-84C9-46C0-8A98-66B9E4BAA321}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7285CAEC-E7AE-45AF-B8B8-3D5E240DC5F1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{731057D2-B45B-4969-93B2-1155798CC3AB}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{885E3167-D530-4379-A08E-180A82E75359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D6EE5A1-7758-4668-B398-7193F1FB796D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9C853D9E-4548-468E-901B-BD48326429F5}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{A07224C4-ED82-44FA-A857-B017FDF756E3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{AA65C8E3-C18E-4143-B74E-710F601B4F93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4DD9959-42D2-4C03-80EE-31CC48E85113}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC493AB9-26D3-4405-B539-0C56DBC19A91}" = protocol=1 | dir=out | [email protected],-28544 |
"{CB445F8C-2960-4CDF-A6CC-6FE74DB11E45}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D03357EE-B605-4380-80EF-C2B3235848AB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D3AB8735-8CE3-47AC-BD1E-B929CDFAD72A}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{DE925D0B-1FD0-4C8B-A9BE-42D02174DCC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E35E0AE6-1700-4EF1-AE65-09A3532F092B}" = protocol=1 | dir=in | [email protected],-28543 |
"{EAB35C71-FA13-4FEF-B829-E6BAEBD18263}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{EBF5276E-8A6A-40D0-9172-5FD639E19B4E}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{ED8B4D6E-B15D-463B-B08C-F449E6E14876}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFDF4826-FA45-4518-B474-4F0E9EB70848}" = protocol=6 | dir=out | app=system |
"TCP Query User{0D95A3F6-4771-43DF-A57A-C99BFB5289FB}C:\program files\winks\ig.exe" = protocol=6 | dir=in | app=c:\program files\winks\ig.exe |
"TCP Query User{212080CE-796F-47F3-9313-7E0C247C9600}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2592CBAC-107C-4CD8-B02C-FA6EB13032B2}C:\users\goldis\desktop\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe" = protocol=6 | dir=in | app=c:\users\goldis\desktop\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe |
"TCP Query User{2C2EC8D8-C9BC-49A8-A435-D35915C1E22F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{916ED3C1-6DAA-4234-8515-38E76E571DA5}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{A97C897B-401C-429E-B06E-676E1A9610FF}\\hrp-data\myshare\backup lab\romo-parra\download\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe" = protocol=6 | dir=in | app=\\hrp-data\myshare\backup lab\romo-parra\download\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe |
"UDP Query User{172816CA-88BC-4EF2-B0ED-F041D5030B15}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{3380982F-CBE3-408B-8662-092317F9CB59}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9CF5C04F-2454-4CE6-B1A4-3D2B4456B335}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C85A5ACC-AA27-409A-A27F-BBD793216E0E}\\hrp-data\myshare\backup lab\romo-parra\download\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe" = protocol=17 | dir=in | app=\\hrp-data\myshare\backup lab\romo-parra\download\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe |
"UDP Query User{CEC883F0-5B2C-4575-BB20-861E7CF465BB}C:\users\goldis\desktop\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe" = protocol=17 | dir=in | app=c:\users\goldis\desktop\850 guiños para msn [con visor e instalador]\instalador de los guiños\mcoviewer1_1.exe |
"UDP Query User{D598CCB7-8C00-46B2-A06C-95FEADA4EF24}C:\program files\winks\ig.exe" = protocol=17 | dir=in | app=c:\program files\winks\ig.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 16
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1" = Virtual Moon Atlas Pro 4.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F0F01E5-A98F-4744-85AE-3375318C452D}" = Fritz11
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90280C0A-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{BC14F40D-7C13-4F3A-9F4A-3835D7642036}" = PE585QAEncoder-32
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CED3B64B-9381-4AB8-A213-6C084C952E43}" = Zamzom Wireless
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6FE40C1-790D-4684-AF45-E468EC1E6E27}" = Chessimo 3.02
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F245E2B9-58F8-48CC-8526-A0CB8DE1512B}" = Axon pCLAMP 9.2
"{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 4.5
"AutoItv3" = AutoIt v3.3.0.0
"AviSynth" = AviSynth 2.5
"BeatScanner 1.41_is1" = BeatScanner 1.41
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"FormatFactory" = FormatFactory 2.10
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.5
"HijackThis" = HijackThis 2.0.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"IrfanView" = IrfanView (remove only)
"Jetcast" = Jetcast 3.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007a" = MATLAB R2007a
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiniAnalysis" = MiniAnalysis
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NASA World Wind 1.4" = NASA World Wind 1.4
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Streamripper" = Streamripper (Remove only)
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Compresor WinRAR
"WinX DVD Ripper_is1" = WinX DVD Ripper 4.1.2
"Wubi" = Ubuntu
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.10.2009 11:37:15 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 29.10.2009 11:47:06 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 29.10.2009 11:51:15 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 29.10.2009 11:53:58 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 29.10.2009 12:09:34 | Computer Name = HRP-PC | Source = MsiInstaller | ID = 1002
Description =
Error - 29.10.2009 12:09:59 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 29.10.2009 14:37:54 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 29.10.2009 15:13:54 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 29.10.2009 15:26:17 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 29.10.2009 16:34:57 | Computer Name = HRP-PC | Source = Windows Search Service | ID = 3083
Description =
[ System Events ]
Error - 02.11.2009 18:07:24 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...ds\RootRepeal.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08dafcef6b]).
Error - 02.11.2009 18:07:24 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08da5fec1b]).
Error - 02.11.2009 18:07:26 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08db61568b]).
Error - 02.11.2009 18:07:26 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08db8b9adb]).
Error - 02.11.2009 18:07:28 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08dca39a8b]).
Error - 02.11.2009 18:07:28 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08dca39a8b]).
Error - 02.11.2009 18:07:30 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08ddc07c3b]).
Error - 02.11.2009 18:07:30 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08ddc9f21b]).
Error - 02.11.2009 18:07:30 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08ddc44ccb]).
Error - 02.11.2009 18:07:30 | Computer Name = HRP-PC | Source = SAVOnAccess | ID = 3997781
Description = Der Scan von Datei [...Downloads\OTL.exe] wurde nach einer Zeitüberschreitung/Auslastung
durchgeführt. Sie wird protokolliert. Prozess explorer.exe, (Überprüfung des Zeitstempels
[ 1ca5c08ddd1451b]).
< End of report >

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/02 23:03
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8F3F4000 Size: 40960 File Visible: No Signed: -
Status: -
Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x837CD000 Size: 147456 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA6167000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1172 Status: Locked to the Windows API!
==EOF==

Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3089
Windows 6.0.6002 Service Pack 2
02.11.2009 23:26:18
mbam-log-2009-11-02 (23-26-18).txt
Tipo de examen : Examen Rápido
Objetos examinados: 109429
Tiempo transcurrido: 3 minute(s), 3 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
(No se han detectado elementos maliciosos)
Ficheros Infectados:
(No se han detectado elementos maliciosos)

Edited by hrparra, 03 November 2009 - 10:37 AM.