| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: MS DOS file im Anhang einer Mahnung: Habe sie geöffnet.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
17.06.2013, 18:37
| #1 |
| |  MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. Hej, in einer Mail kam heute eine Mahnung mit einem Anhang. Der Anhang war eine .zip file in der sich noch eine .zip file befand und darin eine MS DOS file. Ich Idiot habe draufgeklickt und erst dann realisiert, dass ich mich blamiert hab. Meinetwegen könnte ich den PC komplett neu formatieren, aber ich arbeite an einem Projekt und könnte dies erst in etwa 20 Tagen machen. Ich habe die Schritte, die ihr in dem Fall empfehlt durchgeführt und hier kommen die log files: OTL.txt Code:
ATTFilter OTL logfile created on: 17.06.2013 18:10:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3.90 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.24% Memory free 7.80 Gb Paging File | 5.84 Gb Available in Paging File | 74.95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149.05 Gb Total Space | 27.87 Gb Free Space | 18.70% Space Free | Partition Type: NTFS Computer Name: MAX-THINKPAD | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.06.17 18:07:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe PRC - [2013.06.14 17:38:47 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.24 11:29:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.15 08:08:16 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.17 19:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.08.13 16:52:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.11.30 10:14:20 | 000,126,976 | ---- | M] (Feitian Technologies Co., Ltd.) -- C:\Program Files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe PRC - [2011.11.04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.07.12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2011.07.12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe PRC - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2010.07.27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2010.07.27 13:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe PRC - [2010.07.27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe PRC - [2007.10.15 15:47:18 | 000,106,496 | ---- | M] (Feitian Technologies Co., Ltd.) -- C:\Program Files (x86)\Odeon11Industrial\Rockey6SmartSvc.exe ========== Modules (No Company Name) ========== MOD - [2013.05.24 11:29:07 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.05.15 08:08:16 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2013.05.15 08:08:16 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll MOD - [2013.05.15 08:08:16 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.03.12 10:57:22 | 000,190,120 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:64bit: - [2012.02.29 15:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2011.11.01 13:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011.11.01 13:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2011.10.20 18:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2011.10.19 20:51:39 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License) SRV:64bit: - [2011.10.19 14:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.07.12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV:64bit: - [2011.07.12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV:64bit: - [2011.07.12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV:64bit: - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV:64bit: - [2010.07.27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV:64bit: - [2010.07.27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.12 16:39:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.24 11:29:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012.10.17 19:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.06.19 17:03:25 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.30 10:14:20 | 000,126,976 | ---- | M] (Feitian Technologies Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Odeon12Industrial\Rockey6S_SPSvc.exe -- (ROCKEY6S_SPSVC) SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.10.15 15:47:18 | 000,106,496 | ---- | M] (Feitian Technologies Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Odeon11Industrial\Rockey6SmartSvc.exe -- (ROCKEY6SMARTSVC) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.26 11:22:00 | 000,158,592 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1098.sys -- (RDID1098) DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.10.17 19:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.10.17 19:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.10.06 21:17:02 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012.10.06 21:17:02 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012.05.23 00:34:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2012.03.06 22:41:32 | 000,065,648 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rockusb.sys -- (Rockusb) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.29 15:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.12.27 03:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.10.20 11:24:16 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) DRV:64bit: - [2011.10.19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.10.19 14:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.10.13 11:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.09.06 17:00:02 | 000,393,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0700Vid.sys -- (V0700Vid) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.10.18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.09.07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2010.06.07 05:12:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64) DRV:64bit: - [2010.04.23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.03.19 01:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX) DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2010.02.22 17:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.12.28 15:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.09.17 08:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) DRV:64bit: - [2009.09.17 08:05:02 | 000,058,792 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64) DRV:64bit: - [2009.07.22 06:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.03 17:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs) DRV:64bit: - [2008.09.23 00:24:00 | 000,050,176 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\shbecr.sys -- (Tdsshbecr) DRV:64bit: - [2006.11.18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.07.26 23:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\BatteryCare\WinRing0x64.sys -- (WinRing0_1_2_0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 FE 0B 18 57 38 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 08:08:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 08:08:13 | 000,000,000 | ---D | M] [2012.05.22 23:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Extensions [2013.06.05 10:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions [2012.11.30 18:18:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013.06.05 10:59:27 | 000,054,689 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2013.05.10 14:21:05 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\le4zo7s4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.24 11:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.05.24 11:29:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0700Ext.ax] C:\Windows\SysNative\V0700Ext.ax (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0700Ext.ax] C:\Windows\SysWOW64\V0700Ext.ax (Creative Technology Ltd.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Max\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [ujtwwutc] C:\Users\Max\AppData\Roaming\Zlllm\spphhffwutc.exe (Bloodshed Software) O4 - Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.237.72.200 130.237.72.201 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EB318EA-80D1-46C6-9AB6-2C57AA88B1B4}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B9B516-7FC4-4A37-AA67-D06B1509E193}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0E05EB0-1690-40E4-AABD-3D52F8A34FBE}: DhcpNameServer = 130.237.72.200 130.237.72.201 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{04faf21d-c3a0-11e1-8c34-00216a1cb100}\Shell - "" = AutoRun O33 - MountPoints2\{04faf21d-c3a0-11e1-8c34-00216a1cb100}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{303723ac-a455-11e1-b969-002713b84570}\Shell - "" = AutoRun O33 - MountPoints2\{303723ac-a455-11e1-b969-002713b84570}\Shell\AutoRun\command - "" = H:\autostart.exe O33 - MountPoints2\{ac3be8d7-95fd-11e2-82bc-002713b84570}\Shell - "" = AutoRun O33 - MountPoints2\{ac3be8d7-95fd-11e2-82bc-002713b84570}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{b820506a-a44d-11e1-b4db-002713b84570}\Shell - "" = AutoRun O33 - MountPoints2\{b820506a-a44d-11e1-b4db-002713b84570}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.17 18:07:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe [2013.06.17 17:23:05 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Zlllm [2013.06.15 21:40:50 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Presentation Figures [2013.06.08 10:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internoise 2000 [2013.06.08 10:32:23 | 000,409,600 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\cfgdll.dll [2013.06.08 10:32:23 | 000,307,200 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\Viewer.dll [2013.06.08 10:32:23 | 000,274,432 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\fmtdll.dll [2013.06.08 10:32:23 | 000,221,184 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\Imagedll.dll [2013.06.08 10:32:23 | 000,188,416 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\Cgmdll.dll [2013.06.08 10:32:23 | 000,098,304 | ---- | C] (Jouve) -- C:\Windows\SysWow64\activvf.ocx [2013.06.08 10:32:23 | 000,077,824 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\jpegw.dll [2013.06.08 10:32:23 | 000,036,864 | ---- | C] (JOUVE SA) -- C:\Windows\SysWow64\ccittg4.dll [2013.06.08 10:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internoise [2013.06.05 00:25:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\pirateplay [2013.06.05 00:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pirateplayer [2013.06.03 09:59:46 | 000,000,000 | ---D | C] -- C:\Users\Max\.pdfsam [2013.06.03 09:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\PDFmerge [2013.05.29 10:41:05 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\U3 [2013.05.24 17:02:16 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\CV [2013.05.24 11:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.22 19:19:54 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS [2013.05.22 19:18:59 | 000,000,000 | ---D | C] -- C:\Netgear [1 C:\Users\Max\*.tmp files -> C:\Users\Max\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.17 18:09:04 | 000,377,856 | ---- | M] () -- C:\Users\Max\Desktop\gmer_2.1.19163.exe [2013.06.17 18:07:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe [2013.06.17 18:07:15 | 000,000,000 | ---- | M] () -- C:\Users\Max\defogger_reenable [2013.06.17 18:06:39 | 000,050,477 | ---- | M] () -- C:\Users\Max\Desktop\Defogger.exe [2013.06.17 17:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.17 17:22:00 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.17 17:03:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.17 11:31:41 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.17 11:31:41 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.17 11:31:41 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.17 09:40:11 | 000,022,924 | ---- | M] () -- C:\Users\Max\AppData\Local\recently-used.xbel [2013.06.16 19:46:39 | 000,000,984 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.16 12:01:06 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job [2013.06.16 11:02:46 | 000,016,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.16 11:02:46 | 000,016,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.16 10:53:42 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys [2013.06.16 00:21:31 | 000,769,182 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.14 14:18:44 | 001,079,430 | ---- | M] () -- C:\Users\Max\Desktop\OD_250.bmp [2013.06.14 14:17:43 | 001,060,254 | ---- | M] () -- C:\Users\Max\Desktop\OD_4000.bmp [2013.06.14 14:16:53 | 001,061,114 | ---- | M] () -- C:\Users\Max\Desktop\OD_2000.bmp [2013.06.14 14:15:58 | 001,060,918 | ---- | M] () -- C:\Users\Max\Desktop\OD_1000.bmp [2013.06.14 14:15:10 | 001,051,398 | ---- | M] () -- C:\Users\Max\Desktop\OD_500.bmp [2013.06.14 14:13:42 | 000,132,485 | ---- | M] () -- C:\Users\Max\Desktop\OD_250.jpg [2013.06.12 21:24:01 | 1857,227,233 | ---- | M] () -- C:\Users\Max\Krigets unga hjärtan_-_Krigets unga hjärtan - Del 2 av 3_ Ett annat krig.mp4 [2013.06.11 10:23:03 | 001,370,927 | ---- | M] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.gif [2013.06.11 10:21:57 | 000,000,379 | ---- | M] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.htm [2013.06.11 10:18:56 | 000,237,858 | ---- | M] () -- C:\Users\Max\Desktop\new3DbillardYZ.gif [2013.06.11 10:17:51 | 000,000,355 | ---- | M] () -- C:\Users\Max\Desktop\new3DbillardYZ.htm [2013.06.11 10:11:58 | 000,360,458 | ---- | M] () -- C:\Users\Max\Desktop\3D_Billard_YZ.gif [2013.06.11 09:51:27 | 000,000,354 | ---- | M] () -- C:\Users\Max\Desktop\3D_Billard_YZ.htm [2013.06.10 13:50:41 | 000,170,487 | ---- | M] () -- C:\Users\Max\Desktop\chart.pdf [2013.06.09 23:08:18 | 005,012,172 | ---- | M] () -- C:\Users\Max\Desktop\Max_Report.pdf [2013.06.08 10:32:32 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Internoise 2000.lnk [2013.06.07 12:02:29 | 000,003,521 | ---- | M] () -- C:\Users\Max\Desktop\drawing.svg [2013.06.07 10:01:53 | 003,072,054 | ---- | M] () -- C:\Users\Max\Desktop\paint_mall_figurstorlek.bmp [2013.06.06 11:28:42 | 000,023,433 | ---- | M] () -- C:\Users\Max\Desktop\4000.png [2013.06.06 11:27:43 | 000,027,445 | ---- | M] () -- C:\Users\Max\Desktop\2000.png [2013.06.06 11:26:35 | 000,031,624 | ---- | M] () -- C:\Users\Max\Desktop\1000.png [2013.06.06 11:25:24 | 000,032,814 | ---- | M] () -- C:\Users\Max\Desktop\500.png [2013.06.06 11:24:12 | 000,030,349 | ---- | M] () -- C:\Users\Max\Desktop\250.png [2013.06.05 00:33:52 | 1901,246,096 | ---- | M] () -- C:\Users\Max\_-_Krigets unga hjärtan - Del 1 av 3.mp4 [2013.06.04 21:38:05 | 000,001,051 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.03 15:19:32 | 000,005,600 | ---- | M] () -- C:\Windows\SysNative\esnecil.ind [2013.06.03 15:19:32 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat [2013.05.29 23:48:02 | 000,279,259 | ---- | M] () -- C:\Users\Max\Desktop\Zapka_Max_CV.pdf [2013.05.29 18:08:49 | 000,108,434 | ---- | M] () -- C:\Users\Max\New_document_1-g2993-4294967129.png [2013.05.29 10:40:14 | 000,044,004 | ---- | M] () -- C:\Users\Max\Desktop\Personal Details Form-1.pdf [2013.05.27 15:38:15 | 000,003,385 | ---- | M] () -- C:\Users\Max\Desktop\reportsii.m [2013.05.22 19:29:33 | 000,005,880 | ---- | M] () -- C:\Users\Max\Desktop\Router_Setup.html [2013.05.21 15:40:14 | 000,000,404 | ---- | M] () -- C:\Users\Max\Desktop\lowpass.m [2013.05.21 15:30:21 | 009,843,804 | ---- | M] () -- C:\Users\Max\Desktop\datalow.mat [2013.05.21 09:24:16 | 004,644,887 | ---- | M] () -- C:\Users\Max\Desktop\Max_Utkast.pdf [1 C:\Users\Max\*.tmp files -> C:\Users\Max\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.17 18:09:03 | 000,377,856 | ---- | C] () -- C:\Users\Max\Desktop\gmer_2.1.19163.exe [2013.06.17 18:07:15 | 000,000,000 | ---- | C] () -- C:\Users\Max\defogger_reenable [2013.06.17 18:06:37 | 000,050,477 | ---- | C] () -- C:\Users\Max\Desktop\Defogger.exe [2013.06.17 09:40:11 | 000,022,924 | ---- | C] () -- C:\Users\Max\AppData\Local\recently-used.xbel [2013.06.14 14:18:44 | 001,079,430 | ---- | C] () -- C:\Users\Max\Desktop\OD_250.bmp [2013.06.14 14:17:43 | 001,060,254 | ---- | C] () -- C:\Users\Max\Desktop\OD_4000.bmp [2013.06.14 14:16:53 | 001,061,114 | ---- | C] () -- C:\Users\Max\Desktop\OD_2000.bmp [2013.06.14 14:15:58 | 001,060,918 | ---- | C] () -- C:\Users\Max\Desktop\OD_1000.bmp [2013.06.14 14:15:10 | 001,051,398 | ---- | C] () -- C:\Users\Max\Desktop\OD_500.bmp [2013.06.14 14:13:42 | 000,132,485 | ---- | C] () -- C:\Users\Max\Desktop\OD_250.jpg [2013.06.12 21:17:14 | 1857,227,233 | ---- | C] () -- C:\Users\Max\Krigets unga hjärtan_-_Krigets unga hjärtan - Del 2 av 3_ Ett annat krig.mp4 [2013.06.11 10:17:51 | 000,237,858 | ---- | C] () -- C:\Users\Max\Desktop\new3DbillardYZ.gif [2013.06.11 10:17:51 | 000,000,355 | ---- | C] () -- C:\Users\Max\Desktop\new3DbillardYZ.htm [2013.06.11 10:17:01 | 000,000,379 | ---- | C] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.htm [2013.06.11 10:17:00 | 001,370,927 | ---- | C] () -- C:\Users\Max\Desktop\Train_compartment_mockup_march14.00001.gif [2013.06.11 09:51:27 | 000,000,354 | ---- | C] () -- C:\Users\Max\Desktop\3D_Billard_YZ.htm [2013.06.11 09:51:26 | 000,360,458 | ---- | C] () -- C:\Users\Max\Desktop\3D_Billard_YZ.gif [2013.06.10 13:50:40 | 000,170,487 | ---- | C] () -- C:\Users\Max\Desktop\chart.pdf [2013.06.09 23:08:18 | 005,012,172 | ---- | C] () -- C:\Users\Max\Desktop\Max_Report.pdf [2013.06.08 10:32:32 | 000,001,220 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internoise2000.lnk [2013.06.08 10:32:32 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Internoise 2000.lnk [2013.06.07 12:02:29 | 000,003,521 | ---- | C] () -- C:\Users\Max\Desktop\drawing.svg [2013.06.07 10:01:53 | 003,072,054 | ---- | C] () -- C:\Users\Max\Desktop\paint_mall_figurstorlek.bmp [2013.06.06 11:28:42 | 000,023,433 | ---- | C] () -- C:\Users\Max\Desktop\4000.png [2013.06.06 11:27:43 | 000,027,445 | ---- | C] () -- C:\Users\Max\Desktop\2000.png [2013.06.06 11:26:35 | 000,031,624 | ---- | C] () -- C:\Users\Max\Desktop\1000.png [2013.06.06 11:25:24 | 000,032,814 | ---- | C] () -- C:\Users\Max\Desktop\500.png [2013.06.06 11:24:12 | 000,030,349 | ---- | C] () -- C:\Users\Max\Desktop\250.png [2013.06.05 00:26:02 | 1901,246,096 | ---- | C] () -- C:\Users\Max\_-_Krigets unga hjärtan - Del 1 av 3.mp4 [2013.05.29 23:48:02 | 000,279,259 | ---- | C] () -- C:\Users\Max\Desktop\Zapka_Max_CV.pdf [2013.05.29 18:08:49 | 000,108,434 | ---- | C] () -- C:\Users\Max\New_document_1-g2993-4294967129.png [2013.05.29 10:21:51 | 000,044,004 | ---- | C] () -- C:\Users\Max\Desktop\Personal Details Form-1.pdf [2013.05.27 15:26:23 | 000,003,385 | ---- | C] () -- C:\Users\Max\Desktop\reportsii.m [2013.05.22 19:29:33 | 000,000,172 | R--- | C] () -- C:\Users\Max\Desktop\Router Login.url [2013.05.22 19:29:30 | 000,005,880 | ---- | C] () -- C:\Users\Max\Desktop\Router_Setup.html [2013.05.21 15:30:20 | 009,843,804 | ---- | C] () -- C:\Users\Max\Desktop\datalow.mat [2013.05.21 15:28:14 | 000,000,404 | ---- | C] () -- C:\Users\Max\Desktop\lowpass.m [2013.05.21 15:27:06 | 002,571,308 | ---- | C] () -- C:\Users\Max\Desktop\sample.wav [2013.05.21 09:24:16 | 004,644,887 | ---- | C] () -- C:\Users\Max\Desktop\Max_Utkast.pdf [2013.05.02 14:03:38 | 000,070,338 | ---- | C] () -- C:\Users\Max\drawing.eps [2013.04.04 15:10:14 | 000,007,680 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.26 11:27:08 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat [2013.02.26 11:26:32 | 000,000,202 | ---- | C] () -- C:\Windows\Crypkey.ini [2013.02.26 11:26:29 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe [2012.11.01 18:47:02 | 000,769,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.22 16:31:41 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2012.05.27 11:16:02 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat [2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Max\AppData\Roaming\MafiaSetup.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.21 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Audacity [2012.05.22 22:19:39 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\AVG2012 [2013.06.17 09:47:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\BatteryCare [2013.04.10 10:15:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite [2013.06.16 10:55:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Dropbox [2012.06.07 21:05:52 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Duden [2012.06.14 08:22:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\e-academy Inc [2012.06.03 18:40:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Garmin [2013.02.04 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\inkscape [2012.05.31 16:41:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Personal [2012.09.21 19:42:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PlayCatanClient [2012.10.06 22:30:15 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Sony [2013.06.17 10:11:28 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Spotify [2012.07.01 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Telefónica [2012.06.15 16:32:02 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\The Creative Assembly [2012.05.23 00:52:11 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Thunderbird [2013.01.28 14:52:33 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Unigraphics Solutions [2012.06.03 12:00:49 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Wise Registry Cleaner [2012.06.19 21:07:15 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\xm1 [2013.06.17 17:23:05 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Zlllm ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.06.2013 18:10:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
3.90 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.24% Memory free
7.80 Gb Paging File | 5.84 Gb Available in Paging File | 74.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 27.87 Gb Free Space | 18.70% Space Free | Partition Type: NTFS
Computer Name: MAX-THINKPAD | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057B0E8A-5F58-491E-9E5A-72EA69F80E0E}" = rport=139 | protocol=6 | dir=out | app=system |
"{0E4CD123-453B-4EA9-B44D-BE4B31B94E09}" = rport=10243 | protocol=6 | dir=out | app=system |
"{23778A69-0C09-4DF7-84C3-CE8BD3A90510}" = lport=139 | protocol=6 | dir=in | app=system |
"{23EC83E0-3B6E-4BA8-8A89-062595DFC3B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F40437F-FC0A-4901-9FBB-E6B0F56033CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E68251D-E356-441A-BA5C-FC8FB933E25A}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D69CA86-BB10-4F5F-B4B8-1A9218FCB421}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50C6AE30-1DB2-4539-8A9B-78850C5A0228}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{616DFA7E-B3F8-4507-8A42-FF84F3053559}" = rport=445 | protocol=6 | dir=out | app=system |
"{641CEB65-AAA8-45B7-AE5C-9977897BD4B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{70DC7660-9DD3-4775-8AA4-A175F23E7648}" = lport=2869 | protocol=6 | dir=in | app=system |
"{713D6B9D-FB80-4BEB-A2E4-9CB70E6FA3B1}" = rport=138 | protocol=17 | dir=out | app=system |
"{72017702-C3A2-4D05-91CE-794041DDF5A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74ECC0F7-7F33-4F8E-8BD2-7BBDF6EE3707}" = rport=137 | protocol=17 | dir=out | app=system |
"{7BFEDF8B-BB09-4B2B-BEF6-6A67F7A2C911}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C789058-2270-405B-A888-6DFD26CC98C7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{91E8952B-9513-4461-9D8F-05737B17CA03}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{982981CA-EC28-4917-8D5B-E64931462F0C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9E662D68-B9DC-4F62-9CF4-24E3EECE25D5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B47278D3-D086-43C2-9027-248FBDA0F674}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D532EBDE-289F-4D7C-87C3-A34442BC730A}" = lport=445 | protocol=6 | dir=in | app=system |
"{E71806D9-CD0C-4A8E-B221-F99C1838BE77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF0D3114-AA3C-4CA0-B188-3E59EB5DE5F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F3CB1D33-343D-490A-83E2-233626627B89}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1493ED9D-C759-4DA7-84BE-16DA3ED3564F}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{157CC5A1-E7EA-4A4D-8C57-9939E6EA6740}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{18A08E85-688A-4C17-A575-B4BAF5462763}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1B4D69C1-CDD6-479E-8F1E-847BC94F55FC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1B955C7D-BF23-42C7-BD57-C607D2B2E59A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{237BCC2E-3F86-4D8D-BC32-C30053BAC50D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{269918C6-8655-45AD-B096-C2CB5BD1276A}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{272D9FEC-D20A-4CA6-9E30-A4BC3941F7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{27C98F19-5341-425E-9001-18E35C08E4EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2F034B52-40DC-4E83-81DC-C1C28B2AA218}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{34C2C496-FB9C-456A-93A9-0AEFD23992BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{38E78D36-3AFB-4227-A028-F95A3E317A1B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3958A2C1-74B0-42AC-BAE7-ACDE45B84EFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AD4D357-CEBB-47BD-89D5-8E97F092814E}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{5C057DC1-88F0-44AF-B755-B9515EAD263F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67C3F36B-9FAD-41B9-83A6-3D2E0FBA748E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{71FE43C2-5F69-471A-BE9E-6BE5D5E81669}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{857BE3F8-E607-4EF2-BECE-91843964801E}" = protocol=6 | dir=out | app=system |
"{862F3FF3-B74A-4BC8-BD2E-13C5173417F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{87407D2F-97F9-4BF1-8B93-2BD920D8E8D0}" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"{89BE4924-DD62-458D-8983-707A1B692445}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{965EF96A-2A99-4205-A484-D9002E38D350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B64DED4F-2C06-4C6F-B975-451902538C2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBBDF91C-3E37-4091-800C-AB36C86D3FCC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BEB78F95-1D9F-4BBD-9726-704E5BDB2529}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C0C071E2-8269-4299-844C-023932A80495}" = dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe |
"{C7A7903C-B8BF-4203-A948-1AA8D6CC4F79}" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"{D5654723-B867-4A8C-86B3-5A29FCBFB28A}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{D7387C7F-7928-4DF9-B2A2-8986A941165C}" = dir=out | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe |
"{DCCFFECB-D3A3-4100-90AD-D62951C1C2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E0CC08BD-BAB3-47D1-ABFF-09F3D30B6E16}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E81CBF9A-F7C7-41DB-9D2B-C6A409EEE16B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EC87AAE8-C22A-48F2-9E12-2853B2B04092}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2373573-0106-4C80-85EE-164110FF9673}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F49A7D95-3D91-4DE7-BBF0-62F5DBC3EB5E}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"TCP Query User{07CDEA5F-114C-4219-85B0-A5E83CF24293}C:\users\max\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\spotify\spotify.exe |
"TCP Query User{1AC089DD-0409-402E-8146-950A92F10244}C:\users\max\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C087D1CF-1E40-4B37-BEE6-F99A62BB1387}C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0508813B-B26D-4321-A594-2884966860D9}C:\users\max\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\spotify\spotify.exe |
"UDP Query User{48268E17-4811-41E2-8270-53B3CF2532D7}C:\users\max\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\spotify\spotify.exe |
"UDP Query User{76CA6A7A-1A47-4D82-BA42-8927567BA319}C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{47D73AFC-EC15-4B22-96D8-FC4487EBBE57}" = Intel(R) Network Connections 17.1.55.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{DE02B016-E096-437F-8D96-853BB36011D5}" = Solid Edge ST4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"A-WIN-Extras 8.0.4 2615434_is1" = Mathematica Extras 8.0 (2615434)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"Creative VF0700" = Creative Live! Cam Chat HD (VF0700) (1.00.06.00)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"MatlabR2011a" = MATLAB R2011a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiKTeX 2.9" = MiKTeX 2.9
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 17.1.55.0
"R for Windows 2.15.1_is1" = R for Windows 2.15.1
"RolandRDID0098" = UA-1G Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ZTE USB Driver" = ZTE USB Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.114.08260
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{6CEF2BC6-8929-44EE-8360-175513E1A49A}" = Secure Download Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BF9E346B-5ECE-4A18-9510-55729FD08323}" = Sentinel System Driver Installer 7.5.1
"{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.13.0
"{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}" = Handelsbanken kortläsare
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DB150C19-4A8F-4EF7-AC75-96098EACE179}" = PDF Password Remover
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA7F689F-88EB-4946-B105-4C434CF5B07A}" = BankID säkerhetsprogram
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Inkscape" = Inkscape 0.48.4
"Internoise2000" = Internoise2000
"Mendeley Desktop" = Mendeley Desktop 1.8
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"Mozilla Thunderbird 17.0.6 (x86 en-US)" = Mozilla Thunderbird 17.0.6 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"o2DE" = Mobile Connection Manager
"Odeon11CombinedDemo" = Odeon 11 CombinedDemo (remove only)
"Odeon11Industrial" = Odeon 11 Industrial (remove only)
"Odeon12Industrial" = Odeon 12 Industrial (remove only)
"Pirateplayer" = Pirateplayer
"PlayCatan Client" = PlayCatan Access Software
"ProInst" = Intel PROSet Wireless
"SpectraPLUS" = SpectraPLUS
"SpectraPLUS-SC" = SpectraPLUS-SC
"Texmaker" = Texmaker
"Ubuntu One 4.1.91" = Ubuntu One
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.67
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.06.2013 11:08:16 | Computer Name = Max-ThinkPad | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 21.0.0.4879, time
stamp: 0x518ec3cc Faulting module name: xul.dll, version: 21.0.0.4879, time stamp:
0x518ec306 Exception code: 0xc0000005 Fault offset: 0x001c9789 Faulting process id:
0x34c Faulting application start time: 0x01ce61345c2fe77a Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: 94f8ffa8-cd28-11e2-bc8a-002713b84570
Error - 05.06.2013 10:41:09 | Computer Name = Max-ThinkPad | Source = Application Error | ID = 1000
Description = Faulting application name: texmaker.exe, version: 0.0.0.0, time stamp:
0x4fbe6624 Faulting module name: texmaker.exe, version: 0.0.0.0, time stamp: 0x4fbe6624
Exception
code: 0xc0000005 Fault offset: 0x0014ec93 Faulting process id: 0x13b0 Faulting application
start time: 0x01ce61fa71e3864b Faulting application path: C:\Program Files (x86)\Texmaker\texmaker.exe
Faulting
module path: C:\Program Files (x86)\Texmaker\texmaker.exe Report Id: f5add165-cded-11e2-9cc3-002713b84570
Error - 06.06.2013 06:30:15 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.
Error - 08.06.2013 10:36:48 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.
Error - 09.06.2013 08:39:56 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.
Error - 10.06.2013 06:20:19 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.
Error - 14.06.2013 04:41:07 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.
Error - 14.06.2013 05:22:24 | Computer Name = Max-ThinkPad | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 21.0.0.4879, time
stamp: 0x518ec3cc Faulting module name: xul.dll, version: 21.0.0.4879, time stamp:
0x518ec306 Exception code: 0xc0000005 Fault offset: 0x001c9789 Faulting process id:
0xf24 Faulting application start time: 0x01ce68d473a12213 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: ebf00bef-d4d3-11e2-9ca9-002713b84570
Error - 15.06.2013 14:09:41 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.
Error - 16.06.2013 07:44:17 | Computer Name = Max-ThinkPad | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".Error
in manifest or policy file "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll" on
line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
is invalid.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 14.06.2013 03:11:29 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 14.06.2013 03:16:25 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 14.06.2013 03:16:25 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 14.06.2013 03:16:25 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
Error - 16.06.2013 04:54:05 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182
Invoked
Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description:
WINDOWS_ERROR_CODE
Error - 16.06.2013 04:54:05 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED
Error - 16.06.2013 04:54:11 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 16.06.2013 04:59:05 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 16.06.2013 04:59:05 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 16.06.2013 04:59:05 | Computer Name = Max-ThinkPad | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
[ System Events ]
Error - 30.05.2013 03:10:46 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR8.
Error - 03.06.2013 03:35:44 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR11.
Error - 03.06.2013 04:05:00 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR12.
Error - 03.06.2013 04:08:31 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR13.
Error - 04.06.2013 18:33:50 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 06.06.2013 11:51:41 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
Error - 09.06.2013 15:30:28 | Computer Name = Max-ThinkPad | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.
Error - 11.06.2013 10:07:28 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 12.06.2013 15:24:30 | Computer Name = Max-ThinkPad | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
Error - 13.06.2013 04:12:42 | Computer Name = Max-ThinkPad | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-17 19:19:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 rev. 0.00MB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Max\AppData\Local\Temp\fwlcykob.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000154000 7 bytes [80, 93, F3, FF, 01, 9D, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000154008 3 bytes [C0, 06, 02]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076171465 2 bytes [17, 76]
.text C:\Program Files (x86)\Lenovo\System Update\SUService.exe[2924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761714bb 2 bytes [17, 76]
.text ... * 2
.text C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe[3808] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076171465 2 bytes [17, 76]
.text C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe[3808] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000761714bb 2 bytes [17, 76]
.text ... * 2
.text C:\Windows\SysWOW64\svchost.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076171465 2 bytes [17, 76]
.text C:\Windows\SysWOW64\svchost.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761714bb 2 bytes [17, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\svchost.exe [3532:3780] 000000007efa0000
Thread C:\Windows\SysWOW64\svchost.exe [3532:3900] 000000007efab973
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
---- EOF - GMER 2.1 ----
/Ramlosa |
| Themen zu MS DOS file im Anhang einer Mahnung: Habe sie geöffnet. |
| .zip file, 7-zip, adobe, anhang, antivir, avg, avira, bho, defender, downloader, error, excel, explorer, failed, firefox, flash player, install.exe, logfile, mahnung, monitor.exe, mozilla, ms dos, msvcrt, plug-in, registry, rundll, scan, sketchup, software, spotify web helper, super, svchost.exe, temp, udp, usb, visual studio, warnung, win32k.sys, windows |
Baum-Darstellung