| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Verschlüsselungs-Trojaner "Der Computer ist für die Verletzung der Gesetze der BRD wurde blockiert"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.08.2012, 06:34
| #1 |
| |  Verschlüsselungs-Trojaner "Der Computer ist für die Verletzung der Gesetze der BRD wurde blockiert" Morgen zusammen, seit Samstag ist mein Rechner von dem "BRD"-Trojaner befallen. Zunaechst habe ich im Safe-Modus einen Scan mit meiner AVG Software unternommen aber nichts gefunden. Das Log lade ich gleich als ersten Anhang unter meine Nachricht. Auf den Tipp eines Kollegen habe ich mir dann die Anti-Malware runtergeladen und installiert, einen Komplett Scan gefahren (den Log dazu als zweiten Anhang unten) - habe allerdings instinktiv auf "alles loeschen" gedrueckt. Wie ich jetzt weiss war das nicht richtig. Daraufhin bin ich wieder in den Safemode und habe nochmal einen Komplettscan gefahren. Danach habe ich noch meine externen Laufwerke abgehangen, im Nachhinein weiss ich nicht, ob das eine gute Idee war. Am Ende vom Scan habe ich nicht verstanden, wie die Funde nicht geloescht werden sondern nur in Quarantaene verschoben werden. Ich habe letztlich wieder auf "entfernen" geclickt, allerdings habe ich den Rechner diesmal nicht neu gestartet. Das entsprechende Log vor dem entfernen ist im dritten Anhang, das nach dem entfernen im vierten. Danach habe ich die Schritte 1 - 3 durchlaufen, allerdings beim OTL-Scan das Anti-Malware Fenster erst kurz nach Start des Scans geschlossen und beim GMER-Scan bin ich nicht sicher, ob ich das AVG abgeschaltet habe oder nicht. Ich konnte allerdings nicht auf mein Standard AVG Fenster zugreifen, ueber welches ich normalerweise das Programm steuern kann. Ich hoffe, dass Euch die Ergebnisse schonmal genug anzeigen, um mir weiterzuhelfen. Vielen Dank im Vorraus Alex Hier noch die OTL logs:OTL Logfile: Code:
ATTFilter OTL logfile created on: 28/08/2012 12:16:05 AM - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 72.02% Memory free 3.84 Gb Paging File | 3.50 Gb Available in Paging File | 91.17% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 31.55 Gb Total Space | 3.48 Gb Free Space | 11.02% Space Free | Partition Type: NTFS Drive D: | 34.43 Gb Total Space | 0.21 Gb Free Space | 0.62% Space Free | Partition Type: NTFS Drive E: | 6.99 Gb Total Space | 0.76 Gb Free Space | 10.83% Space Free | Partition Type: NTFS Drive F: | 1.55 Gb Total Space | 0.96 Gb Free Space | 61.76% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/27 23:43:51 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/02/07 03:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012/08/22 23:18:16 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2007/05/08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007/04/22 17:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2007/02/15 14:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService) SRV - [2007/02/07 03:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2006/12/04 17:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Stopped] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI) SRV - [2006/06/22 07:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/08/28 00:11:03 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\ibuumqn.sys -- (akuras) DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2007/04/22 16:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2007/04/22 16:24:58 | 000,100,095 | ---- | M] (SafeBoot International) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2007/04/10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007/03/29 16:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2007/03/01 13:00:50 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) DRV - [2007/02/27 11:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007/02/14 16:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007/02/14 16:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007/01/23 22:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive) DRV - [2007/01/23 21:13:26 | 000,036,608 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2007/01/02 16:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/10/19 02:23:00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X) DRV - [2006/10/09 13:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2006/07/24 01:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2006/07/24 01:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/08/27 22:53:45 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/02 10:32:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/08/12 20:06:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/08/13 21:06:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins O1 HOSTS File: ([2006/02/28 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [secproc_isv] C:\Documents and Settings\Alex.LAPTOP\Local Settings\Application Data\Microsoft\Windows\1988\secproc_isv.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Wwanpref] C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\1706\Wwanpref.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344232905859 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344810022031 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9DE4D03-5BC6-40FA-B846-B905065C6652}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\OneCard: DllName - (C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/01/09 22:13:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004/05/01 01:01:00 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/08/27 23:43:49 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012/08/27 23:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia [2012/08/27 23:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2012/08/27 23:08:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2012/08/27 22:53:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012/08/27 21:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2012/08/27 21:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/27 21:24:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/08/27 21:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/08/27 21:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/08/27 21:08:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012/08/26 09:11:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache [2012/08/26 09:10:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft [2012/08/26 09:10:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo [2012/08/26 09:10:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data [2012/08/26 09:10:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup [2012/08/26 09:10:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu [2012/08/26 09:10:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories [2012/08/26 09:10:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies [2012/08/26 09:10:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates [2012/08/26 09:10:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent [2012/08/26 09:10:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood [2012/08/26 09:10:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood [2012/08/26 09:10:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings [2012/08/26 09:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents [2012/08/26 09:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft [2012/08/26 09:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites [2012/08/26 09:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop [2012/08/22 22:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer [2012/08/22 22:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2012/08/22 22:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/08/22 22:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime [2012/08/22 22:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2012/08/22 22:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2012/08/22 18:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2012/08/22 18:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype [2012/08/19 12:34:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2012/08/13 00:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2012/08/13 00:10:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012/08/12 23:48:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2012/08/12 20:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant [2012/08/12 20:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP [2012/08/12 20:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP [2012/08/12 20:03:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\hpoj6500e709 [2012/08/08 19:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2012/08/08 19:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012/08/08 19:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google [2012/08/08 19:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe [2012/08/06 21:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager [2012/08/06 21:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager [2012/08/06 19:50:15 | 000,629,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB932823-v3-x86-ENU.exe [2012/08/06 19:47:25 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe [2012/08/05 22:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2012/08/05 22:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011 [2012/08/05 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012 [2012/08/05 22:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2012/08/05 22:19:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG [2012/08/05 22:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/08/05 22:08:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/08/05 22:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9 [2012/08/05 21:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio [2012/08/05 21:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roxio [2012/08/05 21:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic [2012/08/05 20:56:45 | 000,015,632 | ---- | C] (PDF Complete, Inc.) -- C:\WINDOWS\System32\pdfc_port.dll [2012/08/05 20:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF Complete [2012/08/05 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Complete [2012/08/05 20:33:30 | 000,012,800 | ---- | C] (Hewlett packard) -- C:\WINDOWS\HPNICVersion.dll [2012/08/05 20:32:17 | 000,033,024 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\drivers\HP24X.sys [2012/08/05 20:30:32 | 000,032,356 | ---- | C] (Phoenix Technologies K.K.) -- C:\WINDOWS\System32\pusbfd1.sys [2012/08/05 20:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Fingerprint Sensor [2012/08/05 20:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Infineon [2012/08/05 20:26:02 | 000,036,608 | R--- | C] (Infineon Technologies AG) -- C:\WINDOWS\System32\drivers\ifxtpm.sys [2012/08/05 20:25:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$ [2012/08/05 20:22:28 | 000,013,312 | ---- | C] (Hewlett packard) -- C:\WINDOWS\HPModemVersion.dll [2012/08/05 20:22:26 | 001,160,320 | R--- | C] (Agere Systems) -- C:\WINDOWS\System32\drivers\AGRSM.sys [2012/08/05 20:22:26 | 000,068,096 | R--- | C] (Agere Systems) -- C:\WINDOWS\agrsmdel.exe [2012/08/05 20:16:45 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe [2012/08/05 14:03:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup [2012/08/05 14:03:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu [2012/08/05 14:03:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents [2012/08/05 14:03:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates [2012/08/05 14:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites [2012/08/05 14:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop [2012/08/05 14:03:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2012/08/05 14:03:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data [2012/08/05 12:46:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2012/08/05 12:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2012/08/05 12:46:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2012/08/05 12:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2012/08/05 12:43:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2012/08/05 12:43:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2012/08/05 12:41:02 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2012/08/05 12:38:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM [2012/08/05 12:36:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures [2012/08/05 12:36:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games [2012/08/05 12:36:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools [2012/08/05 12:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services [2012/08/05 12:35:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music [2012/08/05 12:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger [2012/08/05 12:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN [2012/08/05 12:34:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos [2012/08/05 12:32:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/28 00:14:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable [2012/08/28 00:11:03 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ibuumqn.sys [2012/08/27 23:43:51 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012/08/27 23:42:36 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe [2012/08/27 23:28:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/08/27 23:11:23 | 000,311,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/08/27 23:11:23 | 000,040,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/08/27 23:07:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/08/27 22:54:47 | 105,027,084 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/08/27 22:51:12 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/08/27 21:24:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012/08/26 09:07:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/08/25 19:29:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/08/25 17:31:43 | 000,071,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012/08/22 22:56:41 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/08/22 22:45:11 | 000,023,716 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2012/08/22 22:31:58 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2012/08/22 18:31:05 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/08/21 20:00:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/08/16 23:38:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/08/14 08:04:22 | 000,186,424 | ---- | M] () -- C:\WINDOWS\hpwins23.dat [2012/08/13 22:46:23 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk [2012/08/13 22:35:31 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/08/13 21:06:45 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2012/08/05 22:20:00 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2012/08/05 22:04:38 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm [2012/08/05 20:59:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2012/08/05 20:59:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2012/08/05 20:58:05 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2012/08/05 20:31:20 | 000,001,639 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_HP Compaq 6710b (GV623AV)_YN_0U_QSGH7380L2N_EU_46_I30C0_SHP_VKBC Version 71.2E_B68DDU Ver. F.15_T090115_WXP2_L409_M2040_J80_7Intel_8Core2 Duo T7100_91.8_#120805_N_(GV623AV)_XMOBILE_CN10_Z_2F.15_G.MRK [2012/08/05 20:28:30 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2012/08/05 12:46:15 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2012/08/05 12:45:12 | 000,000,372 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2012/08/05 12:39:17 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012/08/05 12:39:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2012/08/05 12:39:06 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2012/08/05 12:36:08 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2012/08/05 12:32:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2012/08/01 17:01:46 | 2138,361,856 | -HS- | M] () -- C:\hiberfil.sys [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/28 00:14:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable [2012/08/28 00:11:03 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibuumqn.sys [2012/08/27 23:42:36 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe [2012/08/27 22:54:47 | 105,027,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/08/27 21:24:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012/08/26 09:10:47 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk [2012/08/26 09:10:47 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk [2012/08/25 17:31:42 | 000,071,359 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012/08/22 22:56:41 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/08/22 22:45:11 | 000,023,716 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012/08/22 22:31:58 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2012/08/22 22:31:16 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk [2012/08/22 18:31:05 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/08/14 08:02:48 | 000,186,424 | ---- | C] () -- C:\WINDOWS\hpwins23.dat [2012/08/14 08:02:48 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat [2012/08/13 21:25:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/08/13 21:25:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012/08/13 21:06:45 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2012/08/13 21:06:43 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk [2012/08/13 00:24:10 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat.temp [2012/08/12 23:51:32 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2012/08/12 23:51:27 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2012/08/12 23:51:20 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2012/08/12 20:04:55 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk [2012/08/08 19:18:43 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/08/08 19:18:43 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/08/08 17:19:13 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/08/06 21:51:33 | 000,002,353 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk [2012/08/05 22:20:00 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2012/08/05 22:19:41 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm [2012/08/05 21:05:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/08/05 20:35:07 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll [2012/08/05 20:35:06 | 000,910,304 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2012/08/05 20:35:06 | 000,025,504 | R--- | C] () -- C:\WINDOWS\System32\igxpxs32.vp [2012/08/05 20:35:06 | 000,002,096 | R--- | C] () -- C:\WINDOWS\System32\igxpxk32.vp [2012/08/05 20:34:56 | 000,121,232 | R--- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp [2012/08/05 20:34:56 | 000,121,232 | R--- | C] () -- C:\WINDOWS\System32\IScrNB.bmp [2012/08/05 20:32:08 | 000,000,195 | RHS- | C] () -- C:\WINDOWS\System32\vssver2.scc [2012/08/05 20:31:16 | 000,001,639 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_HP Compaq 6710b (GV623AV)_YN_0U_QSGH7380L2N_EU_46_I30C0_SHP_VKBC Version 71.2E_B68DDU Ver. F.15_T090115_WXP2_L409_M2040_J80_7Intel_8Core2 Duo T7100_91.8_#120805_N_(GV623AV)_XMOBILE_CN10_Z_2F.15_G.MRK [2012/08/05 20:30:32 | 000,026,629 | ---- | C] () -- C:\WINDOWS\System32\pusbfd2.vxd [2012/08/05 20:28:30 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2012/08/05 20:22:47 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\HP ProtectTools Security Manager.lnk [2012/08/05 14:03:55 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012/08/05 14:03:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012/08/05 14:03:30 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2012/08/05 14:03:23 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2012/08/05 14:03:23 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2012/08/05 14:03:23 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2012/08/05 14:03:23 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2012/08/05 14:03:23 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat [2012/08/05 14:03:23 | 000,007,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2012/08/05 14:03:22 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT [2012/08/05 14:03:22 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2012/08/05 14:02:25 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/08/05 14:01:23 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2012/08/05 12:46:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2012/08/05 12:45:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012/08/05 12:43:29 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2012/08/05 12:42:45 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2012/08/05 12:42:25 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2012/08/05 12:42:22 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2012/08/05 12:42:16 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2012/08/05 12:41:55 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2012/08/05 12:41:45 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2012/08/05 12:41:09 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2012/08/05 12:39:17 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT [2012/08/05 12:39:14 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2012/08/05 12:39:13 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2012/08/05 12:39:12 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2012/08/05 12:38:07 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk [2012/08/05 12:37:59 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex [2012/08/05 12:37:23 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp [2012/08/05 12:37:23 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp [2012/08/05 12:37:16 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf [2012/08/05 12:36:09 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk [2012/08/05 12:36:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012/08/05 12:35:58 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk [2012/08/05 12:35:34 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp [2012/08/05 12:35:34 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp [2012/08/05 12:35:34 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp [2012/08/05 12:35:34 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp [2012/08/05 12:35:34 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp [2012/08/05 12:35:34 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp [2012/08/05 12:35:33 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp [2012/08/05 12:35:33 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp [2012/08/05 12:35:33 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp [2012/08/05 12:35:33 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp [2012/08/05 12:35:33 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp [2012/08/05 12:35:30 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2012/08/05 12:35:30 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd [2012/08/05 12:35:26 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2012/08/05 12:35:18 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc ========== LOP Check ========== [2012/08/05 22:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2012/08/05 22:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2012/08/05 22:08:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/08/05 20:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon [2012/08/27 22:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/08/06 08:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2012/08/22 22:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 < End of report > ...und "Extras"-log:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28/08/2012 12:16:05 AM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 72.02% Memory free
3.84 Gb Paging File | 3.50 Gb Available in Paging File | 91.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.55 Gb Total Space | 3.48 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Drive D: | 34.43 Gb Total Space | 0.21 Gb Free Space | 0.62% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.76 Gb Free Space | 10.83% Space Free | Partition Type: NTFS
Drive F: | 1.55 Gb Total Space | 0.96 Gb Free Space | 61.76% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"G:\setup\hpznui01.exe" = G:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"G:\setup\hpznui01.exe" = G:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CF925D3-1E33-4447-889B-0751D2CF886D}" = Drive Encryption for HP ProtectTools
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20A1D306-CE83-492A-8525-D6DF50B5944A}" = Embedded Security for HP ProtectTools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}" = HP PCMCIA Smart Card Reader
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2D74DEC-9F82-428C-8C30-CCFBCFE45F90}" = HP Broadband Wireless Modules
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C74D0FA0-1D49-464F-A707-B427EE3385C1}" = HP BIOS Configuration for ProtectTools
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2012
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PDF Complete" = PDF Complete
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/08/2012 6:28:15 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x0020fbd7.
Error - 11/08/2012 6:28:22 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.18702, fault address 0x0009656c.
Error - 11/08/2012 6:29:45 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x0020fbd7.
Error - 11/08/2012 6:29:50 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.18702, fault address 0x0009656c.
Error - 12/08/2012 2:05:29 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11904
Description = Product: SolutionCenter -- Error 1904. Module C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
failed to register. HRESULT -2147220473. Contact your support personnel.
Error - 14/08/2012 2:08:03 AM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application hpzsetup.exe, version 12.0.0.85, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 22/08/2012 4:44:08 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 10.5.3.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 25/08/2012 5:56:49 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 6.0.0.105, faulting module
jusched.exe, version 6.0.0.105, fault address 0x00001cdb.
Error - 26/08/2012 2:45:50 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 6.0.0.105, faulting module
jusched.exe, version 6.0.0.105, fault address 0x00001cdb.
Error - 27/08/2012 4:56:28 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 6.0.0.105, faulting module
jusched.exe, version 6.0.0.105, fault address 0x00001cdb.
< End of report >
Geändert von Alemannialex (28.08.2012 um 06:57 Uhr) |
| Themen zu Verschlüsselungs-Trojaner "Der Computer ist für die Verletzung der Gesetze der BRD wurde blockiert" |
| 32 bit, avg, avg pc tuneup, bho, blockiert, bonjour, browser, computer, der computer ist für die verletzung, diagnostics, e-mail, entfernen, error, failed, firefox, flash player, format, gmer-scan, hewlett packard, home, iexplore.exe, launch, logfile, msiinstaller, nicht sicher, object, plug-in, programm, registry, rundll, scan, security, sierra, software, udp, windows internet, wlan |
Baum-Darstellung