Kermit_Frog | 14.06.2013 19:48 | High CPU load, what could be the cause (here)? A trojan? For some time now I have been struggling with high CPU load on my netbook. The fan runs constantly, the machine often reacts sluggishly and sometimes freezes (because of overheating).
I suspect that some program, or even a trojan, is running amok here.
I would be glad if one of you could help me analyze the problem.
Below are the usual log files: OTL.txt Code:
OTL logfile created on: 13.06.2013 20:28:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\eg\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,27% Memory free
3,98 Gb Paging File | 2,88 Gb Available in Paging File | 72,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 26,09 Gb Free Space | 26,09% Space Free | Partition Type: NTFS
Drive D: | 122,51 Gb Total Space | 17,78 Gb Free Space | 14,51% Space Free | Partition Type: NTFS
Computer Name: GONZO | User Name: eg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.13 19:58:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\eg\Downloads\OTL.exe
PRC - [2013.05.16 15:00:35 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.16 14:59:48 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.16 14:59:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.16 14:59:38 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.05 00:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.29 10:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 10:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2012.11.22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2011.03.03 20:40:30 | 000,619,288 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
PRC - [2010.09.02 20:15:49 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.08.10 00:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010.06.12 06:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010.06.10 09:57:18 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010.06.09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010.05.29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010.05.21 14:42:48 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.05.21 14:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010.04.07 07:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009.09.11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.16 19:36:37 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 19:31:17 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.10 20:56:08 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\eg\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.15 23:37:43 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.01.26 20:18:14 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.20 21:16:33 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.20 21:15:55 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013.01.20 21:13:49 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.20 21:13:13 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.20 21:12:24 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\eg\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
MOD - [2010.05.21 14:42:58 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
========== Services (SafeList) ==========
SRV - [2013.06.12 19:15:01 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.25 11:52:00 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 15:00:35 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.16 14:59:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.05.21 14:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x86\Sandra.sys -- (SANDRA)
DRV - [2013.05.16 15:01:08 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.05.16 15:01:07 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.16 15:01:07 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.05.16 15:01:06 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.04 13:47:00 | 000,073,728 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2012.07.03 17:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.07.03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012.07.03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2012.04.25 09:03:28 | 000,067,960 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2011.08.03 13:50:00 | 000,023,144 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2011.05.18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.02.10 18:54:46 | 000,684,664 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.05.10 11:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.03.31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes,DefaultScope = {040A2185-BD8C-4711-BC4B-45E44F4A4963}
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{040A2185-BD8C-4711-BC4B-45E44F4A4963}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{3334E1F6-0B59-4D23-AAB7-2C1082B77840}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: treestyletab%40piro.sakura.ne.jp:0.14.2013052901
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: syncplaces@andyhalford.com:4.1.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.29 13:51:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.25 11:52:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.25 11:51:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.16 14:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.25 11:52:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.25 11:51:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.16 14:44:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.02.21 21:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\Extensions
[2011.02.21 21:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.06.06 07:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\Firefox\Profiles\13xvkj54.default\extensions
[2012.10.16 20:18:13 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eg\AppData\Roaming\mozilla\Firefox\Profiles\13xvkj54.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.05.25 10:47:57 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\firebug@software.joehewitt.com.xpi
[2013.06.06 07:47:12 | 001,236,277 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\treestyletab@piro.sakura.ne.jp.xpi
[2013.05.13 07:43:06 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.06 07:47:12 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.05.25 11:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.05.25 11:51:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.05.25 11:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013.05.25 11:52:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Citrix\ICA Client\npicaN.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\eg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [CompeGPSDev] File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5500A6FB-91F4-40E5-84B8-FAB7BFDE3D5C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89B42C82-1942-4E9A-B100-655B02177761}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE9138DA-0A54-4A44-BFF9-DEE87921520A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b93ae107-bd6e-11e2-9ac1-20cf307c54be}\Shell - "" = AutoRun
O33 - MountPoints2\{b93ae107-bd6e-11e2-9ac1-20cf307c54be}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2030.01.01 15:18:28 | 000,000,000 | -HSD | C] -- C:\Boot
[2013.06.03 20:13:45 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Local\.elfohilfe
[2013.05.25 11:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.16 21:13:22 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.16 15:12:49 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Avira
[2013.05.16 15:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.16 15:06:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.16 15:06:13 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.16 15:06:13 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.16 15:06:13 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.16 15:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.16 15:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.16 14:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.15 17:29:56 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Local\LG Electronics
[2013.05.15 17:29:32 | 000,000,000 | ---D | C] -- C:\Users\eg\Documents\LG OSP
[2013.05.15 17:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG On-Screen Phone
[2013.05.15 17:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2013.05.15 15:03:15 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Mp3tag
[2013.05.15 15:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2013.05.15 15:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2013.05.15 10:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.05.15 10:54:59 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013.05.15 10:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2013.05.15 10:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2013.05.15 10:53:21 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Winamp
[2013.05.15 10:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2013.05.15 10:25:16 | 000,000,000 | ---D | C] -- C:\Users\eg\.local
[2013.05.15 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Amarok
[2013.05.15 10:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Amarok
[2013.05.15 08:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
========== Files - Modified Within 30 Days ==========
[2013.06.13 20:14:28 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.13 19:53:12 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.13 19:00:06 | 000,010,016 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 19:00:06 | 000,010,016 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 18:52:40 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.13 18:44:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.13 07:09:14 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.06.13 07:09:14 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.06.13 07:09:13 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.06.13 07:09:13 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.06.13 06:50:04 | 1602,789,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.10 07:21:05 | 000,021,796 | ---- | M] () -- C:\Users\eg\Desktop\feierabendrunde.GPX
[2013.06.06 20:20:10 | 132,599,746 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.06.06 18:54:47 | 000,007,598 | ---- | M] () -- C:\Users\eg\AppData\Local\Resmon.ResmonCfg
[2013.06.06 18:00:42 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.26 12:23:05 | 000,000,297 | ---- | M] () -- C:\Users\eg\AppData\Roaming\rftg
[2013.05.16 21:12:49 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.16 19:24:09 | 000,423,664 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.05.16 15:01:08 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.16 15:01:07 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.16 15:01:07 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.16 15:01:06 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.16 14:56:57 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2013.05.15 16:54:40 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.05.15 14:24:22 | 000,014,347 | ---- | M] () -- C:\Users\eg\AppData\Local\recently-used.xbel
========== Files Created - No Company Name ==========
[2030.01.01 15:18:28 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2019.10.03 20:11:49 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.2.lnk
[2013.06.10 07:21:05 | 000,021,796 | ---- | C] () -- C:\Users\eg\Desktop\feierabendrunde.GPX
[2013.06.06 07:45:09 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.05.15 16:54:40 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.05.15 14:24:22 | 000,014,347 | ---- | C] () -- C:\Users\eg\AppData\Local\recently-used.xbel
[2013.04.28 12:54:03 | 000,011,264 | ---- | C] () -- C:\Users\eg\qlgt_save_v8.db
[2013.03.07 22:49:15 | 000,577,536 | ---- | C] () -- C:\windows\System32\ChilkatCsv.dll
[2012.06.13 14:42:27 | 000,003,584 | ---- | C] () -- C:\Users\eg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.12 10:16:27 | 000,011,264 | ---- | C] () -- C:\Users\eg\qlgt.db
[2012.01.28 10:21:04 | 000,007,598 | ---- | C] () -- C:\Users\eg\AppData\Local\Resmon.ResmonCfg
[2011.09.02 09:20:13 | 000,000,297 | ---- | C] () -- C:\Users\eg\AppData\Roaming\rftg
[2011.02.21 22:49:11 | 000,000,600 | ---- | C] () -- C:\Users\eg\AppData\Roaming\winscp.rnd
[2011.02.20 13:11:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.19 17:12:23 | 000,000,600 | ---- | C] () -- C:\Users\eg\AppData\Local\PUTTY.RND
[2010.09.02 20:16:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010.09.02 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010.09.02 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2013.05.20 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\.easytag
[2011.09.04 16:21:08 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\.kde
[2013.05.16 09:48:59 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\.purple
[2013.05.15 10:25:47 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Amarok
[2012.12.29 13:53:37 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\APP_NAME_NON_STRING
[2011.02.19 16:10:47 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Asus
[2011.12.12 15:04:46 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\BatteryBar
[2012.06.06 11:59:29 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Charles
[2011.02.19 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.02.19 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2012.05.30 09:02:28 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Dev-Cpp
[2011.02.23 21:33:27 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Dexpot
[2013.06.13 07:33:41 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Dropbox
[2013.04.07 10:16:26 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\elsterformular
[2013.04.28 13:52:51 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\esri
[2013.05.02 20:52:41 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\EurekaLog
[2013.06.10 07:30:16 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\FileZilla
[2011.06.22 10:44:01 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Garmin
[2012.01.28 14:10:52 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\GeoSetter
[2013.04.23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\GetRightToGo
[2012.08.04 08:11:39 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\GHISLER
[2011.10.06 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\gnupg
[2013.05.20 12:26:12 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\gsak
[2012.09.12 07:31:21 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\gtk-2.0
[2012.11.01 22:05:03 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\ICAClient
[2011.02.20 12:32:49 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\IrfanView
[2012.01.11 22:39:56 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\LibreOffice
[2011.06.29 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Mobile Atlas Creator
[2013.05.16 10:06:58 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Mp3tag
[2013.05.13 18:38:13 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\MyPhoneExplorer
[2012.06.14 13:06:47 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Notepad++
[2011.03.12 10:47:23 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\OpenOffice.org
[2011.02.20 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Opera
[2012.12.29 14:12:06 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\PDF Architect
[2012.12.29 13:49:50 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\pdfforge
[2011.03.18 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Subversion
[2012.10.16 20:39:23 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\The Carbon Project
[2011.02.21 21:10:36 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Thunderbird
[2011.02.19 16:19:34 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 909 bytes -> C:\ProgramData\Temp:DFE3A43A
@Alternate Data Stream - 889 bytes -> C:\ProgramData\Temp:6297627A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:AB689DEA
< End of report >
Extras.txt Code:
OTL Extras logfile created on: 13.06.2013 20:28:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\eg\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,27% Memory free
3,98 Gb Paging File | 2,88 Gb Available in Paging File | 72,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 26,09 Gb Free Space | 26,09% Space Free | Partition Type: NTFS
Drive D: | 122,51 Gb Total Space | 17,78 Gb Free Space | 14,51% Space Free | Partition Type: NTFS
Computer Name: GONZO | User Name: eg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A01358-2621-45BB-BF25-D74BD3D220F5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{1156460D-3E84-497F-8C7C-E294EE248DE1}" = rport=139 | protocol=6 | dir=out | app=system |
"{1AEC20B1-42E4-475B-8369-E1B29283D9F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E957AB1-37F6-494A-814D-7B667EC75200}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{358B1C23-6DDB-413B-9D06-D5FF1B87FCF8}" = lport=138 | protocol=17 | dir=in | app=system |
"{511EE379-17BA-441C-B551-1B23983FFB47}" = lport=445 | protocol=6 | dir=in | app=system |
"{55A44C7B-1AC2-4FF8-9580-9164287E4E27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E59C946-5527-4C23-A8B1-95606F03EE47}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{6CE5FF9A-AA02-4618-9062-BD7D9490F9D3}" = rport=445 | protocol=6 | dir=out | app=system |
"{95F1ADC4-97A3-46AB-B759-7F7D925E166C}" = lport=139 | protocol=6 | dir=in | app=system |
"{960A7489-24CE-423B-AD5F-F8961215736C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2EEEBE4-7771-41C7-BDC6-84FFDBBAE9DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A864ECE1-658D-4391-AB4A-B7406D8B3848}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8F9EF69-7098-48E9-A737-B1F1B1959D28}" = rport=138 | protocol=17 | dir=out | app=system |
"{AF40EDC5-C486-47D6-BD25-8CBFE76A36DE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp5c\wnt500x86\rpcsandrasrv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E45204E-D469-4A52-A247-A64C630886EB}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{4191905D-5569-4313-94E0-79713A83F30E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4BAC7B52-45D2-4BCF-BD20-3C1144B4A0DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51622140-93DA-49E7-86C3-76DA5918AF7B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5B9A5092-F2B6-461D-9A4A-5617E253BB52}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{5C4C9AB6-FBD0-41AA-B61C-C457D47AB5EC}" = protocol=6 | dir=in | app=c:\users\eg\appdata\roaming\dropbox\bin\dropbox.exe |
"{8C1EA0FE-EBAD-4ACE-93D3-EE7DF9638B3B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93556778-0DBB-40C0-ABD8-D10C47781CCD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{98EC341F-05DF-4F52-89A5-C7A1AF3F543C}" = protocol=17 | dir=in | app=c:\users\eg\appdata\roaming\dropbox\bin\dropbox.exe |
"{C334E5D2-21B1-4AA7-B03C-6D25926D1A01}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C753CE21-D61C-44FD-BE47-9D45567A4EAC}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{D7A2A282-4A4A-44AD-A42F-31EDD5BCD011}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D98BCA2C-4039-435F-8BE0-5B791B36AA5E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{E8106E4E-BEA5-4420-971E-4188019F59F9}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{F867830A-72CF-4610-835F-61E3BBDD297D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC06E007-AF96-4D3F-8F0C-5468F27FB0E5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{02EA4E22-A842-4130-815F-779781A8C5D7}C:\users\eg\downloads\winscp.exe" = protocol=6 | dir=in | app=c:\users\eg\downloads\winscp.exe |
"TCP Query User{4DAAF179-2409-4063-9C94-8C60D616B969}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{6C0FBDC3-DADB-4F39-9786-71456A160E79}C:\program files\charles\charles.exe" = protocol=6 | dir=in | app=c:\program files\charles\charles.exe |
"TCP Query User{72CAE42C-446B-4959-AE97-56B5918A4F9C}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{B38A1931-A176-4842-80B2-78F3EF707F07}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{C5433DE0-F98B-4599-A93D-80D1C34BBE44}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{E124EDDB-33AC-4EEF-A743-2C0EC85DD8D4}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F9697476-9BCA-45C1-8AB3-E4E498A58354}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{30F4FCF0-2FCB-49C8-B520-FCD7873E9C35}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{3FC7955A-070F-4575-8F24-89AB827188E0}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{95C5B411-F950-4F80-9E5C-B566B3DFA32D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{A1E2CCFF-DA77-4187-976B-3518196F21F0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{ABCC1B6E-7BDD-40D2-907B-A0B6E829623F}C:\users\eg\downloads\winscp.exe" = protocol=17 | dir=in | app=c:\users\eg\downloads\winscp.exe |
"UDP Query User{D552B1ED-5F0D-40EF-9341-FF1D32F9139D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{DC35982E-A5E1-4D79-B184-0E436F08145A}C:\program files\charles\charles.exe" = protocol=17 | dir=in | app=c:\program files\charles\charles.exe |
"UDP Query User{F57E98E6-D6D7-4B03-9505-D5C30D317FC4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-Service Plug-in
"{0BC8B21E-EB38-4174-827B-89A5F80E8DDA}" = GraphicsSwitch
"{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash-Umleitung)
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{336A2C72-3D31-42F8-B6C0-8D1135FA5B0D}" = RCH65 Spoiler Downloader
"{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater
"{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver (USB)
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47C6C88F-FA95-49C8-B57D-5C5F093738E1}" = iTunes
"{49A3D943-9A41-44D7-9C28-E0EB6C1BB336}" = TortoiseSVN 1.6.13.20954 (32 bit)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DB849D6-9392-4FB7-9ABB-87ED433152E5}" = LG United Mobile Drivers
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF1B080-4BE2-4355-ABA6-7902494EA9C7}" = ArcGIS Explorer Desktop
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver (DV)
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF16A7AB-D2FA-48E5-9251-8E4CD5C916E1}_is1" = GiMeSpace Desktop Extender 3D v3.1.0.28 (requires Vista or later, install the normal Desktop Extender when using XP!)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C067C316-4036-4E97-B013-21DCBE649F81}_is1" = Race for the Galaxy version 0.8.1
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside
"{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero)
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}" = Adobe Photoshop Lightroom 4.2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcGIS Explorer Desktop" = ArcGIS Explorer Desktop
"Avira AntiVir Desktop" = Avira Free Antivirus
"BatteryBar" = BatteryBar (remove only)
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CompeGPS_7_5_is1" = CompeGPS LAND 7.5.2
"CompeGPS_is1" = CompeGPS LAND 7.5.2
"CompeGPSDownloader_is1" = CompeGPSDownloader version 1.13
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EasyTAG_is1" = EasyTAG 2.1
"ECW ActiveX Controls" = ECW ActiveX Controls 3.1.0.229
"Elantech" = ETDWare PS/2-x86 7.0.5.13_WHQL
"ElsterFormular" = ElsterFormular
"Ext2Fsd_is1" = Ext2Fsd 0.50
"FileZilla Client" = FileZilla Client 3.7.0.1
"GIMP-2_is1" = GIMP 2.8.2
"GnuPG" = GNU Privacy Guard
"Google Chrome" = Google Chrome
"GSAK_is1" = GSAK 8.2.1.180
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"IrfanView" = IrfanView (remove only)
"Kyocera Product Library" = Kyocera Product Library
"LG On-Screen Phone" = LG On-Screen Phone
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.55a
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OOBERegBackup_is1" = OOBERegBackup
"Opera 12.00.1467" = Opera 12.00
"pdfsam" = pdfsam
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PS3 Media Server" = PS3 Media Server
"ScreenSaverPatch_is1" = ScreenSaverPatch
"Spoiler Sync_is1" = Spoiler Sync
"SystemRequirementsLab" = System Requirements Lab
"Totalcmd" = Total Commander (Remove or Repair)
"TwoNav Tablet 2.5.2" = TwoNav Tablet 2.5.2
"TwoNav Tablet_is1" = TwoNav Tablet 2.5.2
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinMerge_is1" = WinMerge 2.14.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Dropbox" = Dropbox
"Geocaching Live" = Geocaching Live
"RouteConverter" = RouteConverter
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.09.2012 15:50:43 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6084
Error - 13.09.2012 15:50:43 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6084
Error - 13.09.2012 15:50:44 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.09.2012 15:50:44 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7239
Error - 13.09.2012 15:50:44 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7239
Error - 13.09.2012 15:50:45 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.09.2012 15:50:45 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8253
Error - 13.09.2012 15:50:45 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8253
Error - 13.09.2012 15:50:46 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.09.2012 15:50:46 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9251
Error - 13.09.2012 15:50:46 | Computer Name = gonzo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9251
[ System Events ]
Error - 26.05.2012 10:11:22 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 26.05.2012 15:11:05 | Computer Name = gonzo | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 28.05.2012 14:46:45 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 30.05.2012 01:48:19 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 30.05.2012 07:10:29 | Computer Name = gonzo | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 31.05.2012 05:31:31 | Computer Name = gonzo | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 01.06.2012 01:43:35 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 01.06.2012 01:44:43 | Computer Name = gonzo | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 01.06.2012 01:45:10 | Computer Name = gonzo | Source = DCOM | ID = 10010
Description =
Error - 01.06.2012 05:45:22 | Computer Name = gonzo | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report > GMER.log Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-14 17:23:20
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-80A23T0 rev.01.01A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\eg\AppData\Local\Temp\uxldqpow.sys
---- System - GMER 2.1 ----
SSDT 8056A11E ZwCreateSection
SSDT 8056A128 ZwRequestWaitReplyPort
SSDT 8056A123 ZwSetContextThread
SSDT 8056A12D ZwSetSecurityObject
SSDT 8056A132 ZwSystemDebugControl
SSDT 8056A0BF ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 822919F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822CB1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 822D253C 4 Bytes [1E, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 822D2898 4 Bytes [28, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 822D28DC 4 Bytes [23, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 822D2958 4 Bytes [2D, A1, 56, 80]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 822D29AC 4 Bytes [32, A1, 56, 80]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\PDF Architect\HelperService.exe[476] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\PDF Architect\HelperService.exe[476] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\wininit.exe[480] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\wininit.exe[480] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\winlogon.exe[524] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\winlogon.exe[524] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\services.exe[568] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\services.exe[568] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\iPod\bin\iPodService.exe[580] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\iPod\bin\iPodService.exe[580] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\lsass.exe[596] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\lsass.exe[596] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\svchost.exe[708] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\svchost.exe[708] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\nvvsvc.exe[780] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\nvvsvc.exe[780] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[792] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[792] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[804] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[804] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\svchost.exe[848] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\svchost.exe[848] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\System32\svchost.exe[928] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\System32\svchost.exe[928] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\System32\svchost.exe[976] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\System32\svchost.exe[976] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\svchost.exe[1056] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\svchost.exe[1056] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\PDF Architect\ConversionService.exe[1260] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\PDF Architect\ConversionService.exe[1260] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\svchost.exe[1292] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\WLANExt.exe[1380] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\WLANExt.exe[1380] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\conhost.exe[1388] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\conhost.exe[1388] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\System32\spoolsv.exe[1436] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\System32\spoolsv.exe[1436] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\svchost.exe[1524] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\svchost.exe[1524] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Windows\System32\AsusService.exe[1888] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Windows\System32\AsusService.exe[1888] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\Bonjour\mDNSResponder.exe[1932] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\Bonjour\mDNSResponder.exe[1932] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Windows\AsScrPro.exe[1944] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Windows\AsScrPro.exe[1944] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1956] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1956] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\Dwm.exe[2056] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\Dwm.exe[2056] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2064] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2064] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\1&1 Surf-Stick\AssistantServices.exe[2068] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\1&1 Surf-Stick\AssistantServices.exe[2068] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe[2112] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe[2112] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Windows\System32\igfxpers.exe[2176] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Windows\System32\igfxpers.exe[2176] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Windows\System32\hkcmd.exe[2180] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Windows\System32\hkcmd.exe[2180] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\Explorer.EXE[2196] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\Explorer.EXE[2196] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\iTunes\iTunesHelper.exe[2372] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\iTunes\iTunesHelper.exe[2372] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\1&1 Surf-Stick\UIExec.exe[2376] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\1&1 Surf-Stick\UIExec.exe[2376] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2412] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2412] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\svchost.exe[2456] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\svchost.exe[2456] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Windows\System32\igfxtray.exe[2520] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Windows\System32\igfxtray.exe[2520] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2544] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2544] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2568] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2568] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2656] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2656] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\Elantech\ETDCtrl.exe[2832] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\Elantech\ETDCtrl.exe[2832] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2900] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2900] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\nvvsvc.exe[2908] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\nvvsvc.exe[2908] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2928] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2928] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\svchost.exe[3140] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\svchost.exe[3140] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3360] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3360] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3404] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3404] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3448] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3448] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3472] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3472] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\igfxsrvc.exe[3496] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\igfxsrvc.exe[3496] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\wbem\wmiprvse.exe[3664] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\wbem\wmiprvse.exe[3664] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\taskhost.exe[4064] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\taskhost.exe[4064] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6008] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6008] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Users\eg\Downloads\gmer_2.1.19163.exe[6720] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Users\eg\Downloads\gmer_2.1.19163.exe[6720] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[7816] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[7816] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
.text C:\windows\system32\svchost.exe[7920] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000
.text C:\windows\system32\svchost.exe[7920] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dab1478
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db4b67f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db4b67f@00237f44dc2e 0xE9 0x22 0x11 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db4b67f@001813474060 0xD4 0x5A 0x93 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dab1478 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db4b67f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db4b67f@00237f44dc2e 0xE9 0x22 0x11 0x14 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db4b67f@001813474060 0xD4 0x5A 0x93 0x36 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----