| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Unerwünscht Popups und Google sucht nichtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.07.2012, 17:47
| #1 |
| |  Unerwünscht Popups und Google sucht nicht Hallo, ich habe folgendes Problem. Ich dürfte einen Trojaner oder Tracking Cookie auf meinem System haben. Unerwünschte Popups unten rechts im Browser, PC ist langsam und Google sucht nicht. Man kann google.com oder .de aufrufen allerdings sucht Google nicht wenn man einen Begriff eingibt. Die Popups habe ich mit Eintrag in der Hosts Datei schon abgestellt. Dennoch ist etwas auf meine System, da Virenscanner und Spybot nicht finden. Kann mir jemand helfen - bitte ? Hier mein Log von Hijack This HieLogfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:41:01, on 18.07.2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Intel\AMT\atchk.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\mstsc.exe C:\Program Files\Logitech\Logitech Vid\Vid.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\Google\Drive\googledrivesync.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Google\Drive\googledrivesync.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\OpenOffice.org 3\program\swriter.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\f.putz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COZIUHTP\HiJackThis204.exe C:\Users\f.putz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISOZ4Y6Y\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.starmovie.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Google Update] "C:\Users\f.putz\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode O4 - HKCU\..\Run: [Spotify] "C:\Users\f.putz\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [Client Server Runtime Process] C:\Users\f.putz\AppData\Roaming\System32\csrss.exe O4 - HKCU\..\Run: [Host-process Windows (Rundll32.exe)] C:\Users\f.putz\AppData\Roaming\System32\csrss.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.10.1:4343/officescan/console/html/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.1.10.1:4343/officescan/console/html/ClientInstall/setup.cab O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.10.1:4343/officescan/console/html/root/AtxEnc.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - hxxp://cam2.welle1.at/activex/AxisCamControl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - hxxp://10.1.2.22/activex/AMC.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O20 - AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing) O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: HP ProtectTools Gerätesperre/Überwachung (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- End of file - 14354 bytes |
|
19.07.2012, 16:57
| #2 |
| /// Malware-holic   | Unerwünscht Popups und Google sucht nicht hi
__________________bitte foren regeln lesen, hijackthis logs wollen wir nicht. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
20.07.2012, 11:47
| #3 |
| | Unerwünscht Popups und Google sucht nicht Hallo und sorry.
__________________Hier die Files von OTL: OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.07.2012 12:24:52 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\f.putz\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,98 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 32,37% Memory free 3,97 Gb Paging File | 2,18 Gb Available in Paging File | 54,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 103,47 Gb Total Space | 75,02 Gb Free Space | 72,50% Space Free | Partition Type: NTFS Drive D: | 8,32 Gb Total Space | 0,42 Gb Free Space | 4,99% Space Free | Partition Type: NTFS Computer Name: MOBIL-FP | User Name: f.putz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.20 12:23:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\f.putz\Desktop\OTL.exe PRC - [2012.06.20 19:02:30 | 012,163,848 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.06.17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2010.01.31 17:40:52 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE PRC - [2010.01.31 17:40:52 | 003,718,656 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE PRC - [2010.01.31 17:40:52 | 000,026,112 | ---- | M] () -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE PRC - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.09.08 03:30:50 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe PRC - [2009.09.04 20:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe PRC - [2009.09.04 20:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe PRC - [2009.08.25 10:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.08.25 10:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.23 22:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.07.30 17:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2009.07.30 17:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009.07.30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.07.29 16:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2009.07.29 13:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe PRC - [2009.07.28 04:06:04 | 000,078,608 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe PRC - [2009.07.16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe PRC - [2009.07.15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe PRC - [2009.06.03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe PRC - [2009.06.03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe PRC - [2009.06.03 17:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe PRC - [2009.04.02 17:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.05.25 21:43:58 | 001,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe PRC - [2008.05.25 21:43:54 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe PRC - [2008.05.25 21:43:52 | 000,408,088 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe PRC - [2008.05.25 21:43:50 | 000,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE ========== Modules (No Company Name) ========== MOD - [2012.07.20 11:49:17 | 001,018,368 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\windows._cacheinvalidation.pyd MOD - [2012.07.20 11:49:17 | 000,792,576 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\wx._gdi_.pyd MOD - [2012.07.20 11:49:17 | 000,571,392 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\pysqlite2._sqlite.pyd MOD - [2012.07.20 11:49:17 | 000,263,168 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\win32com.shell.shell.pyd MOD - [2012.07.20 11:49:17 | 000,153,088 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\pyexpat.pyd MOD - [2012.07.20 11:49:17 | 000,096,256 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\win32api.pyd MOD - [2012.07.20 11:49:17 | 000,086,016 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\_elementtree.pyd MOD - [2012.07.20 11:49:17 | 000,070,656 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\wx._html2.pyd MOD - [2012.07.20 11:49:17 | 000,040,448 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\_socket.pyd MOD - [2012.07.20 11:49:17 | 000,011,776 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\win32crypt.pyd MOD - [2012.07.20 11:49:16 | 000,731,136 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\wx._misc_.pyd MOD - [2012.07.20 11:49:16 | 000,645,120 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\_ssl.pyd MOD - [2012.07.20 11:49:16 | 000,354,304 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\pythoncom26.dll MOD - [2012.07.20 11:49:16 | 000,110,592 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\pywintypes26.dll MOD - [2012.07.20 11:49:16 | 000,073,728 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\_ctypes.pyd MOD - [2012.07.20 11:49:15 | 001,169,408 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\wx._core_.pyd MOD - [2012.07.20 11:49:15 | 001,056,256 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\wx._controls_.pyd MOD - [2012.07.20 11:49:15 | 000,807,424 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\wx._windows_.pyd MOD - [2012.07.20 11:49:15 | 000,585,728 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\unicodedata.pyd MOD - [2012.07.20 11:49:15 | 000,311,808 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\_hashlib.pyd MOD - [2012.07.20 11:49:15 | 000,121,856 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\wx._wizard.pyd MOD - [2012.07.20 11:49:15 | 000,111,104 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\win32file.pyd MOD - [2012.07.20 11:49:15 | 000,039,424 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\win32inet.pyd MOD - [2012.07.20 11:49:15 | 000,036,352 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\win32process.pyd MOD - [2012.07.20 11:49:15 | 000,022,528 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\win32pdh.pyd MOD - [2012.07.20 11:49:15 | 000,017,920 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\win32event.pyd MOD - [2012.07.20 11:49:15 | 000,011,776 | ---- | M] () -- C:\Users\FC312~1.PUT\AppData\Local\Temp\_MEI57002\select.pyd MOD - [2012.06.17 12:27:14 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.17 12:26:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.17 12:26:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.13 12:49:26 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.13 12:43:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.13 12:43:20 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll MOD - [2012.05.13 12:42:57 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.13 12:42:45 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.10.14 14:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LvApi11\LvApi11.dll MOD - [2009.08.23 19:58:06 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2009.07.30 17:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2009.07.16 16:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll MOD - [2009.07.16 16:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll MOD - [2009.07.16 16:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll MOD - [2009.07.16 16:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll MOD - [2009.07.16 16:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll MOD - [2009.07.16 16:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll MOD - [2009.07.16 16:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll MOD - [2009.07.16 16:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll MOD - [2009.07.16 16:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll MOD - [2009.07.16 16:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll MOD - [2009.07.16 16:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll MOD - [2009.07.16 16:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll MOD - [2009.06.17 12:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2009.06.17 12:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2009.06.17 12:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.07.17 10:43:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010.05.22 23:33:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.01.31 17:40:52 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc) SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.10.05 19:43:54 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK) SRV - [2009.09.04 20:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten) SRV - [2009.09.04 20:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan) SRV - [2009.08.25 10:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009.08.23 22:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009.08.07 17:59:00 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2009.07.30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.07.29 16:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2009.07.29 13:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2009.07.28 03:59:40 | 000,192,784 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2009.07.28 03:59:34 | 000,150,288 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) SRV - [2009.07.15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore) SRV - [2008.11.03 21:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService) SRV - [2008.05.25 21:43:58 | 001,464,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R) SRV - [2008.05.25 21:43:54 | 000,182,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R) SRV - [2008.05.25 21:43:50 | 000,121,368 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R) SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - [2012.01.12 09:26:20 | 000,101,112 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE) DRV - [2011.07.12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter) DRV - [2011.07.12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter) DRV - [2011.07.12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt) DRV - [2011.06.21 06:09:00 | 000,200,976 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm) DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.12.04 06:45:00 | 010,370,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.01 02:07:44 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10) DRV - [2010.04.19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.01.31 17:40:52 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.10.02 20:23:26 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.09.08 10:14:10 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv) DRV - [2009.08.23 22:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.07.29 16:30:28 | 000,051,408 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2009.07.29 16:30:20 | 000,012,960 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2009.07.29 16:30:18 | 000,012,528 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2009.07.29 16:30:16 | 000,109,216 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2009.07.29 14:00:52 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2009.07.20 16:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32) DRV - [2009.07.15 17:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009.06.25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009.06.25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009.06.25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009.06.05 20:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R) DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009.04.20 09:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2009.03.02 15:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2009.03.02 15:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.11.03 21:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio) DRV - [2008.07.26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.07.26 16:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2008.07.26 16:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2008.07.26 16:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter) DRV - [2007.07.12 11:41:52 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Star Movie - the first class cinema. - Dein Kino in Peuerbach, Regau, Liezen, Ried, Steyr, Wels IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE B6 F1 A5 83 A2 CA 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\f.putz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\f.putz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\f.putz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\f.putz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.16 17:29:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.16 17:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\f.putz\AppData\Roaming\mozilla\Extensions [2012.07.16 17:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.17 15:30:07 | 000,601,222 | -HS- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 edgesuite.net O1 - Hosts: 127.0.0.1 content.yieldmanager.edgesuite.net O1 - Hosts: 127.0.0.1 fr.a2dfp.net O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 abcstats.com O1 - Hosts: 127.0.0.1 a.abv.bg O1 - Hosts: 127.0.0.1 adserver.abv.bg O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 ca.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 Accuserve Online Ad Delivery System O1 - Hosts: 127.0.0.1 achmedia.com O1 - Hosts: 127.0.0.1 aconti.net O1 - Hosts: 127.0.0.1 secure.aconti.net O1 - Hosts: 127.0.0.1 aconti.netService #[Dialer.Aconti] O1 - Hosts: 127.0.0.1 csh.actiondesk.com O1 - Hosts: 127.0.0.1 Marketing Automation & Online Lead Generation System - Active Conversion #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ads.activepower.net O1 - Hosts: 16152 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation) O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKCU..\Run: [Client Server Runtime Process] C:\Users\f.putz\AppData\Roaming\System32\csrss.exe File not found O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [Host-process Windows (Rundll32.exe)] C:\Users\f.putz\AppData\Roaming\System32\csrss.exe File not found O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [Spotify] "C:\Users\f.putz\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://10.1.10.1:4343/officescan/console/html/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class) O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://10.1.10.1:4343/officescan/console/html/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://10.1.10.1:4343/officescan/console/html/root/AtxEnc.cab (Encrypt Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://cam2.welle1.at/activex/AxisCamControl.cab (CamImage Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://10.1.2.22/activex/AMC.cab (AxisMediaControlEmb Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1 213.174.248.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42ACF607-F75D-49BB-A305-966C0F878280}: DhcpNameServer = 10.1.10.1 213.174.248.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C78B1A2-45D1-4FFC-8EEB-7C77C34EF78F}: DhcpNameServer = 10.1.10.1 213.174.248.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E46B6236-3549-4F43-B660-149250140E89}: DhcpNameServer = 194.48.139.254 194.48.124.200 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2001.07.28 01:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | ---- | M] () - D:\AUTORUN.del -- [ NTFS ] O33 - MountPoints2\{704c01dd-3da8-11e0-977e-001e379ca288}\Shell - "" = AutoRun O33 - MountPoints2\{704c01dd-3da8-11e0-977e-001e379ca288}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{990d8cea-b295-11e0-b552-001b38f812f2}\Shell - "" = AutoRun O33 - MountPoints2\{990d8cea-b295-11e0-b552-001b38f812f2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{990d8cfb-b295-11e0-b552-001b38f812f2}\Shell - "" = AutoRun O33 - MountPoints2\{990d8cfb-b295-11e0-b552-001b38f812f2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.20 12:23:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\f.putz\Desktop\OTL.exe [2012.07.17 17:06:21 | 000,000,000 | ---D | C] -- C:\Users\f.putz\Desktop\Neuer Ordner [2012.07.17 12:36:13 | 000,000,000 | ---D | C] -- C:\Users\f.putz\Desktop\sicherung [2012.07.17 11:55:31 | 000,000,000 | ---D | C] -- C:\Users\f.putz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2012.07.16 18:35:23 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted [2012.07.16 18:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun [2012.07.16 18:32:35 | 000,000,000 | -H-D | C] -- C:\Users\f.putz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items [2012.07.16 18:32:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items [2012.07.16 18:32:34 | 000,000,000 | ---D | C] -- C:\Users\f.putz\Documents\RegRun2 [2012.07.16 18:32:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo [2012.07.16 18:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis [2012.07.16 17:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.07.16 17:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.16 17:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.07.16 17:29:41 | 000,000,000 | ---D | C] -- C:\Users\f.putz\AppData\Local\Mozilla [2012.07.16 17:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.07.16 17:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.07.16 17:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.07.16 16:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2012.07.16 16:31:09 | 000,101,112 | R--- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2012.06.26 17:01:51 | 000,000,000 | ---D | C] -- C:\Users\f.putz\AppData\Roaming\Mozilla [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\f.putz\*.tmp files -> C:\Users\f.putz\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.20 12:23:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\f.putz\Desktop\OTL.exe [2012.07.20 12:19:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.20 12:07:06 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3921311540-2883726647-2596213111-1000UA.job [2012.07.20 11:55:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.20 11:51:34 | 000,014,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.20 11:51:34 | 000,014,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.20 11:48:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.20 11:45:31 | 000,015,989 | ---- | M] () -- C:\Windows\cfgall.ini [2012.07.20 11:44:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.20 11:44:08 | 1597,480,960 | -HS- | M] () -- C:\hiberfil.sys [2012.07.18 19:59:26 | 1689,157,207 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.07.18 19:01:10 | 000,007,604 | ---- | M] () -- C:\Users\f.putz\AppData\Local\Resmon.ResmonCfg [2012.07.18 16:19:37 | 000,022,607 | ---- | M] () -- C:\Users\f.putz\Desktop\Lorax-Teaserposter-AT_01.jpg [2012.07.17 17:04:50 | 000,709,370 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.17 17:04:50 | 000,671,212 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.17 17:04:50 | 000,147,650 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.17 17:04:50 | 000,124,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.17 15:30:07 | 000,601,222 | -HS- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.07.17 13:06:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3921311540-2883726647-2596213111-1000Core.job [2012.07.17 08:12:45 | 000,339,810 | ---- | M] () -- C:\Users\f.putz\AppData\Local\census.cache [2012.07.17 08:12:43 | 000,110,317 | ---- | M] () -- C:\Users\f.putz\AppData\Local\ars.cache [2012.07.17 08:05:38 | 000,000,036 | ---- | M] () -- C:\Users\f.putz\AppData\Local\housecall.guid.cache [2012.07.16 18:52:14 | 000,004,376 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2012.07.16 18:32:42 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.07.16 18:32:42 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt [2012.07.16 18:32:42 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat [2012.07.16 18:32:11 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\RegRun WatchDog Schedule Task.job [2012.07.16 17:34:11 | 000,001,180 | ---- | M] () -- C:\Users\f.putz\Desktop\Spybot - Search & Destroy.lnk [2012.07.16 17:29:27 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.16 14:23:46 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120716-181843.backup [2012.07.16 14:23:46 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120716-174702.backup [2012.07.13 13:28:23 | 000,376,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\f.putz\*.tmp files -> C:\Users\f.putz\*.tmp -> ] ========== Files Created - No Company Name ========== File not found -- C:\Users\f.putz\AppData\Roaming\svchost.exe [2012.07.18 19:01:10 | 000,007,604 | ---- | C] () -- C:\Users\f.putz\AppData\Local\Resmon.ResmonCfg [2012.07.18 16:19:43 | 000,022,607 | ---- | C] () -- C:\Users\f.putz\Desktop\Lorax-Teaserposter-AT_01.jpg [2012.07.17 12:54:06 | 1689,157,207 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.07.16 18:39:58 | 000,004,376 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2012.07.16 18:32:42 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat [2012.07.16 18:32:11 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\RegRun WatchDog Schedule Task.job [2012.07.16 18:32:05 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp [2012.07.16 17:34:11 | 000,001,180 | ---- | C] () -- C:\Users\f.putz\Desktop\Spybot - Search & Destroy.lnk [2012.07.16 17:29:27 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.07.16 17:29:27 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.16 16:23:52 | 000,339,810 | ---- | C] () -- C:\Users\f.putz\AppData\Local\census.cache [2012.07.16 16:23:44 | 000,110,317 | ---- | C] () -- C:\Users\f.putz\AppData\Local\ars.cache [2012.07.16 16:06:44 | 000,000,036 | ---- | C] () -- C:\Users\f.putz\AppData\Local\housecall.guid.cache [2011.02.25 13:39:03 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.01.10 15:16:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.01.10 15:16:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2010.09.24 14:28:13 | 000,007,680 | ---- | C] () -- C:\Users\f.putz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.26 13:56:36 | 000,002,148 | ---- | C] () -- C:\Users\f.putz\cm.RDP [2010.02.22 20:59:14 | 000,002,150 | ---- | C] () -- C:\Users\f.putz\mobil_fp.RDP [2010.02.01 10:46:36 | 544,490,496 | ---- | C] () -- C:\Users\f.putz\archive.pst ========== LOP Check ========== [2010.08.23 16:02:47 | 000,000,000 | ---D | M] -- C:\Users\f.putz\AppData\Roaming\FileZilla [2011.12.16 11:39:35 | 000,000,000 | ---D | M] -- C:\Users\f.putz\AppData\Roaming\Leadertech [2011.01.19 22:00:35 | 000,000,000 | ---D | M] -- C:\Users\f.putz\AppData\Roaming\Nokia [2010.02.01 10:21:12 | 000,000,000 | ---D | M] -- C:\Users\f.putz\AppData\Roaming\OpenOffice.org [2010.04.21 15:07:49 | 000,000,000 | ---D | M] -- C:\Users\f.putz\AppData\Roaming\PC Suite [2012.07.16 18:32:11 | 000,000,430 | ---- | M] () -- C:\Windows\Tasks\RegRun WatchDog Schedule Task.job [2012.06.08 13:10:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.01.31 16:40:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.02.10 12:44:34 | 000,000,000 | ---D | M] -- C:\98fa746d442d1c89ee [2012.01.11 22:21:53 | 000,000,000 | ---D | M] -- C:\a7dadd9ee6765507ee87b0e2b9c35fbe [2011.02.25 14:28:48 | 000,000,000 | -HSD | M] -- C:\Boot [2012.07.20 12:07:06 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.01.31 16:39:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.08.23 16:03:00 | 000,000,000 | ---D | M] -- C:\Download [2010.01.31 16:55:40 | 000,000,000 | ---D | M] -- C:\Intel [2010.02.01 10:33:23 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.07.17 12:06:42 | 000,000,000 | ---D | M] -- C:\Program Files [2012.07.20 11:49:04 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.01.31 16:39:51 | 000,000,000 | -HSD | M] -- C:\Programme [2010.01.31 16:39:51 | 000,000,000 | -HSD | M] -- C:\Recovery [2010.04.21 14:17:01 | 000,000,000 | ---D | M] -- C:\SwSetup [2012.07.20 12:28:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.04.20 12:37:15 | 000,000,000 | ---D | M] -- C:\temp [2010.01.31 16:40:01 | 000,000,000 | R--D | M] -- C:\Users [2012.07.18 19:59:26 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Users\f.putz\Documents\RegRun2\Files\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2009.08.07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.08.07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\SwSetup\SP45106\Winall\Driver\IaStor.sys [2009.08.07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys [2009.08.07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_1f2a8fa4448bd5bf\iaStor.sys [2009.08.07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.08.07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\SwSetup\SP45106\Winall\Driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2009.07.29 16:30:16 | 000,109,216 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\SafeBoot.sys < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2010.01.31 17:40:52 | 000,953,856 | ---- | M] (Broadcom Corporation) Unable to obtain MD5 -- C:\Windows\system32\BCMLogon.dll [2011.04.10 20:05:23 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011.04.10 20:05:23 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll < %USERPROFILE%\*.* > [2011.09.03 12:06:49 | 544,490,496 | ---- | M] () -- C:\Users\f.putz\archive.pst [2010.06.30 10:41:10 | 000,002,148 | ---- | M] () -- C:\Users\f.putz\cm.RDP [2010.06.30 10:41:21 | 000,002,150 | ---- | M] () -- C:\Users\f.putz\mobil_fp.RDP [2012.07.20 12:42:32 | 007,077,888 | -HS- | M] () -- C:\Users\f.putz\ntuser.dat [2012.07.20 12:42:32 | 000,262,144 | -HS- | M] () -- C:\Users\f.putz\ntuser.dat.LOG1 [2010.01.31 16:40:04 | 000,000,000 | -HS- | M] () -- C:\Users\f.putz\ntuser.dat.LOG2 [2011.03.06 12:55:41 | 000,065,536 | -HS- | M] () -- C:\Users\f.putz\ntuser.dat{3e3f313f-47dd-11e0-a1b6-001e379ca288}.TM.blf [2011.03.06 12:55:41 | 000,524,288 | -HS- | M] () -- C:\Users\f.putz\ntuser.dat{3e3f313f-47dd-11e0-a1b6-001e379ca288}.TMContainer00000000000000000001.regtrans-ms [2011.03.06 12:55:41 | 000,524,288 | -HS- | M] () -- C:\Users\f.putz\ntuser.dat{3e3f313f-47dd-11e0-a1b6-001e379ca288}.TMContainer00000000000000000002.regtrans-ms [2010.01.31 16:46:23 | 000,065,536 | -HS- | M] () -- C:\Users\f.putz\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.01.31 16:46:23 | 000,524,288 | -HS- | M] () -- C:\Users\f.putz\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.01.31 16:46:23 | 000,524,288 | -HS- | M] () -- C:\Users\f.putz\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010.01.31 16:40:04 | 000,000,020 | -HS- | M] () -- C:\Users\f.putz\ntuser.ini [1 C:\Users\f.putz\*.tmp files -> C:\Users\f.putz\*.tmp -> ] < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > EXTRA.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.07.2012 12:24:52 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\f.putz\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1,98 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 32,37% Memory free
3,97 Gb Paging File | 2,18 Gb Available in Paging File | 54,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103,47 Gb Total Space | 75,02 Gb Free Space | 72,50% Space Free | Partition Type: NTFS
Drive D: | 8,32 Gb Total Space | 0,42 Gb Free Space | 4,99% Space Free | Partition Type: NTFS
Computer Name: MOBIL-FP | User Name: f.putz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02604953-9EF9-49B9-A59D-16333338BBDB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0AB58B28-34EF-47E1-939B-91388925DDCC}" = rport=138 | protocol=17 | dir=out | app=system |
"{210580C2-9D18-4E9C-94B1-24FC5E57FC97}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3670E136-E838-4D52-BA14-214D4653034C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{41F90E78-D8D3-4EC1-929C-A3C74050D851}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4FA07621-FF7A-44A8-9A5B-2EF9CD777A7D}" = lport=138 | protocol=17 | dir=in | app=system |
"{5BACB831-50ED-4B5E-84C7-5F6E688FB1A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B5F8775-6861-4E88-9912-8E225730C1C2}" = rport=137 | protocol=17 | dir=out | app=system |
"{71145EA9-23E6-490E-9A49-F7BFC45CE0AD}" = lport=50667 | protocol=6 | dir=in | name=trend micro officescan listener |
"{98B1C0F4-985D-4491-A55F-C14C3A021D9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{991A159B-8329-45FB-A1A1-A9284473355B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FCC221C-5A29-46DC-A26B-C816E3002600}" = rport=445 | protocol=6 | dir=out | app=system |
"{D1BA8B0F-A24C-4EF4-8F07-9B84DA0A3331}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D27C9CAF-80CC-4ED5-BF1E-F9F8805386F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{D58D6FDE-E9B3-4AC2-BEBA-F17DB7C71FB4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE0FB627-B458-42BC-B158-47F58CF3432C}" = lport=137 | protocol=17 | dir=in | app=system |
"{E4E082B9-5C04-4F93-AAEE-57ED850E9AAA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E7A7EA84-D119-4FFC-A132-FDF5EDB48F9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3C7CBD2-435C-449B-AF7B-E92AD9471AEB}" = rport=139 | protocol=6 | dir=out | app=system |
"{F459D0D2-BF78-4198-A1CA-951BD37B7B54}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F88649A2-F628-4B1F-830A-8FEE3370CB46}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCF5D431-CDD2-4297-AFC3-84BE00012F81}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EFCB853-4489-4663-9CCA-2218DFBFA55D}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{2825C3AE-B40D-4C97-8131-7A4673C8E8E3}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{50CE4A3B-3FEE-43FC-9405-A4E298AC6A7B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6681CD9B-303C-41BD-A65E-449B405C1EE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7202DEF1-03D3-4A6A-A2A3-705E733ED1C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73444A58-EF7E-49B0-A2EA-DE16D78EFE38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81ACAA34-C1F4-413A-A4D5-90708388224E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E92A920-5795-4E3C-98D1-09B84C6991A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1AAC4EA-BD1C-49D7-BDFB-E78A33158BFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A8DD84EF-8FB2-48AB-9A0F-7A846D90944F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AA2BDBF6-1B94-4D4B-862A-B5CABED52AB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADA43753-E9D0-439D-8892-2BF9E8E0A7FB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BB2C4563-7E4E-499E-AE8B-4383727D3B2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BF33ED18-BE51-4BCA-8844-AAEC9FA32771}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BF72DF68-4288-45D3-B3E2-C15AD9CB7AD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4939779-DF16-4673-B654-AFFC6AC7D3DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E374888E-4AFD-486C-AD1B-101D6997CE97}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E43D93E0-95B3-4CDE-9731-A8708B564E5C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E84C0560-68E3-43F7-9BED-EB212B0EF262}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F602BD36-002C-4AE9-8143-B4A404C0D5A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F867057B-D4A8-43C1-B427-49FBCC0E72C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F92215DC-F613-485F-BB50-CDAE87C1CC66}" = protocol=6 | dir=out | app=system |
"{FDA6AB13-1D6D-4878-98C1-CBDAA4456149}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{0F947CF9-D8BB-45F1-827D-08C8EFE31D6F}C:\users\f.putz\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\f.putz\appdata\roaming\spotify\spotify.exe |
"TCP Query User{29D92D2A-6A2B-4ABB-B035-1A8FA67ABF66}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{4199B6E2-220C-40AB-9C04-71A8DDBD5967}C:\users\f.putz\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\f.putz\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4FB76B4F-B7F2-4881-BB00-A603F675CDED}C:\windows\system32\mstsc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mstsc.exe |
"TCP Query User{66B76F6C-C9E1-43C1-AA60-7BF0291E75F7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8AE32156-E3E5-4424-8502-B68D69873BA5}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{A91A22D0-A403-44C5-89C9-63C7EF07B714}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{AF1C8679-2395-439F-A956-1984B60A2686}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{B19E459F-F268-48E4-B971-645A7A123C19}C:\windows\system32\mstsc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mstsc.exe |
"UDP Query User{0CE90229-D251-419F-84F2-EF0C40D149F6}C:\windows\system32\mstsc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mstsc.exe |
"UDP Query User{1A31F6F4-670C-4F14-9447-5FD1B54C8059}C:\users\f.putz\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\f.putz\appdata\roaming\spotify\spotify.exe |
"UDP Query User{25C5B2B9-27D3-4A23-A47C-A3237713F040}C:\windows\system32\mstsc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mstsc.exe |
"UDP Query User{28549E9F-766E-4F8F-B72F-83950FA0FDDA}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{2D2F2C34-2C73-475C-9620-D7E758B394BC}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{7AD82F24-4145-46C0-82FA-8CF3849658F3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7FF16228-C610-4C21-B49D-F02CC2262321}C:\users\f.putz\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\f.putz\appdata\roaming\spotify\spotify.exe |
"UDP Query User{8D94D792-C76C-4211-A4BC-2DC67DEAFACF}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{9726FA96-32D4-4CFF-8AC6-E796945D6DF1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{24843DF0-CDC7-4BDF-B68E-F529DFC00D3E}" = HP ProtectTools Security Manager
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F15E203-BC3E-3597-84CD-EDF99546C917}" = Google Talk Plugin
"{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}" = HP ESU for Microsoft Windows 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{634DB771-B797-4528-82E5-7C42B4123329}" = Credential Manager for HP ProtectTools
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90E00407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AEACD7BE-7E12-490D-80B2-C7DEBDBD8915}" = Windows 7 Default Setting
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{BEF99123-C1DC-479B-9445-DE3E026F320E}" = HP JavaCard for HP ProtectTools
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4518D5B-C62C-4984-A615-1FC1DD55B86A}" = Drive Encryption for HP ProtectTools
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z" = Soft Data Fax Modem with SmartCP
"FileZilla Client" = FileZilla Client 3.2.7.1
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HECI" = Intel(R) Management Engine Interface
"MESOL" = Intel(R) Active Management Technology Device Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OfficeScanNT" = Trend Micro OfficeScan Client
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"Samsung ML-2010 Series SmartPanel" = Samsung ML-2010 Series SmartPanel
"SharpPix200" = SharpPix 2.0.0 (nur entfernen)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.07.2012 13:20:18 | Computer Name = MOBIL-FP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 16.07.2012 14:22:31 | Computer Name = MOBIL-FP | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 136c Startzeit: 01cd637fc0e4bcd5 Endzeit: 61 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 16.07.2012 14:22:44 | Computer Name = MOBIL-FP | Source = MsiInstaller | ID = 11706
Description =
Error - 17.07.2012 02:03:26 | Computer Name = MOBIL-FP | Source = MsiInstaller | ID = 11706
Description =
Error - 17.07.2012 04:28:11 | Computer Name = MOBIL-FP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 17.07.2012 05:56:44 | Computer Name = MOBIL-FP | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(e0:f8:47:9e:86:31@fe80::e2f8:47ff:fe9e:8631._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 17.07.2012 05:56:44 | Computer Name = MOBIL-FP | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(e0:f8:47:9e:86:31@fe80::e2f8:47ff:fe9e:8631._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 17.07.2012 11:02:17 | Computer Name = MOBIL-FP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SDHelper.dll, Version: 1.6.2.14,
Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000051a0 ID des fehlerhaften
Prozesses: 0xda8 Startzeit der fehlerhaften Anwendung: 0x01cd640a8f103cb9 Pfad der
fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Berichtskennung:
65c33e71-d020-11e1-908c-001e379ca288
Error - 18.07.2012 11:49:12 | Computer Name = MOBIL-FP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 18.07.2012 12:56:07 | Computer Name = MOBIL-FP | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8007000e)
festgestellt.
[ Broadcom Wireless LAN Events ]
Error - 06.04.2012 12:43:36 | Computer Name = MOBIL-FP | Source = WLAN-Tray | ID = 0
Description = 18:43:36, Fri, Apr 06, 12 Error - Unable to gain access to user store
Error - 18.07.2012 14:01:23 | Computer Name = MOBIL-FP | Source = WLAN-Tray | ID = 0
Description = 20:01:23, Wed, Jul 18, 12 Error - Unable to gain access to user store
[ Credential Manager Events ]
Error - 04.04.2011 05:10:36 | Computer Name = MOBIL-FP | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
f.putz@MOBIL-FP Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 04.04.2011 05:10:36 | Computer Name = MOBIL-FP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: f.putz@MOBIL-FP
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 11.05.2011 07:40:59 | Computer Name = MOBIL-FP | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
f.putz@MOBIL-FP Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 11.05.2011 07:40:59 | Computer Name = MOBIL-FP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: f.putz@MOBIL-FP
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 02.06.2011 10:39:58 | Computer Name = MOBIL-FP | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
f.putz@MOBIL-FP Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 02.06.2011 10:39:58 | Computer Name = MOBIL-FP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: f.putz@MOBIL-FP
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 24.04.2012 07:39:50 | Computer Name = MOBIL-FP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: f.putz@MOBIL-FP
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 24.04.2012 07:39:50 | Computer Name = MOBIL-FP | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
f.putz@MOBIL-FP Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 19.05.2012 06:50:31 | Computer Name = MOBIL-FP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: f.putz@MOBIL-FP
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 19.05.2012 06:50:31 | Computer Name = MOBIL-FP | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
f.putz@MOBIL-FP Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
[ Hewlett-Packard Events ]
Error - 15.03.2010 13:47:56 | Computer Name = MOBIL-FP | Source = Hewlett-Packard | ID = 0
Description = de-AT Die Datei "C:\Program Files\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml"
konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)
bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object
A_0, EventArgs A_1)
Error - 15.03.2010 13:47:57 | Computer Name = MOBIL-FP | Source = Hewlett-Packard | ID = 0
Description = de-AT Die Datei "C:\Program Files\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml"
konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)
bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object
A_0, EventArgs A_1)
[ System Events ]
Error - 16.07.2012 12:35:54 | Computer Name = MOBIL-FP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.07.2012 12:38:16 | Computer Name = MOBIL-FP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
is3srv
Error - 16.07.2012 12:52:50 | Computer Name = MOBIL-FP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst szserver erreicht.
Error - 17.07.2012 06:54:25 | Computer Name = MOBIL-FP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?07.?2012 um 12:51:19 unerwartet heruntergefahren.
Error - 17.07.2012 06:54:26 | Computer Name = MOBIL-FP | Source = BugCheck | ID = 1001
Description =
Error - 17.07.2012 06:55:56 | Computer Name = MOBIL-FP | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 18.07.2012 13:59:30 | Computer Name = MOBIL-FP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?07.?2012 um 19:57:07 unerwartet heruntergefahren.
Error - 18.07.2012 13:58:58 | Computer Name = MOBIL-FP | Source = volsnap | ID = 393243
Description = Die Schattenkopien von Volume "C:" wurden während der Ermittlung abgebrochen,
weil eine kritische Steuerungsdatei nicht geöffnet werden konnte.
Error - 18.07.2012 13:58:59 | Computer Name = MOBIL-FP | Source = volsnap | ID = 393243
Description = Die Schattenkopien von Volume "C:" wurden während der Ermittlung abgebrochen,
weil eine kritische Steuerungsdatei nicht geöffnet werden konnte.
Error - 18.07.2012 13:59:41 | Computer Name = MOBIL-FP | Source = BugCheck | ID = 1001
Description =
< End of report >
Danke schon mal für die Hilfe. |
|
25.07.2012, 20:41
| #4 | |
| /// Malware-holic | Unerwünscht Popups und Google sucht nicht hi Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Unerwünscht Popups und Google sucht nicht |
| adobe, aufrufe, bho, bonjour, browser, encrypt, explorer, flash player, google, google; popup, hijack, hijackthis, internet, internet explorer, langsam, log, mein log, monitor, mozilla, notification, nvidia, object, pc ist langsam, plug-in, popups, rundll, safer networking, scan, security, software, system, tracking cookie, trojaner, windows |
Linear-Darstellung
