Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/) › Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/) › Trojan after visiting a suspicious website (https://www.trojaner-board.de/98858-trojaner-besuch-suspekter-webseite.html)

zn8b3opd6v 09.05.2011 14:51

Trojan after visiting a suspicious website

Dear experts, would you be so kind as to take a look at a GMER log? I recently clicked on a link that was possibly malicious. That would be a great help. Many thanks and regards, zn

GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2011-05-09 14:38:40
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA73F0A3B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA73F0A65]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA73F0A8F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA73F0A4F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA73F0A27]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA73F0AA5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA73F0A79]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP A73F0A7D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 805790A8 5 Bytes JMP A73F0A3F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP A73F0A93 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP A73F0AA9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B841E 7 Bytes JMP A73F0A53 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D1230 5 Bytes JMP A73F0A69 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP A73F0A2B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E00000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E00049
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E00F54
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E00F65
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E00022
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E00FA5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E00F2F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E00081
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E000C8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E000A3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E00F14
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E00F8A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E00011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E0005A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E00FC0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E00FDB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E00092
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DF002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DF007D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DF0011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DF0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DF006C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DF0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00DF0FC0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [FF, 88]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DF003D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE0F90
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE0FBC
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0FE3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE0FAB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0FE5
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F72
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0F8D
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0067
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0F9E
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0036
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F33
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F50
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA00C2
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA00B1
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CA0F18
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CA0FAF
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CA0F61
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CA0FCA
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CA001B
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CA0096
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00070FDB
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00070F8A
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [27, 88]
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060F90
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!system 77C293C7 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FAB
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FE3
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FC6
.text C:\WINDOWS\system32\services.exe[760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E4007D
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E4006C
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E4005B
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E4004A
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E40039
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40F6B
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E400B3
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E40F3F
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E400CE
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E400F3
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E40FA8
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E40FDE
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E40098
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E40014
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E40FCD
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E40F5A
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E3006F
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E3001B
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E30FA8
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E3004A
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E30FC3
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E20038
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E20FAD
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E20FD2
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E20FE3
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E2001D
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E2000C
.text C:\WINDOWS\system32\lsass.exe[772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B40091
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B40076
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40065
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B4004A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B40039
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B40F5A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B400AC
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B400F3
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B400CE
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B40104
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B40FB2
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B40014
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B40F81
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B40FC3
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B40FDE
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B400BD
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B30FC3
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B30065
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B30FDE
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B30014
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B3004A
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B30039
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B30FB2
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B20FB9
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20044
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B20FDE
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20033
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC0F8D
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0FA8
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0FB9
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC006C
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0040
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC0F70
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC00B8
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC00F8
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC0F55
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CC0109
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CC00A7
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CC0FCA
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CC00D3
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CB0FB9
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CB0040
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CB0FD4
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CB002F
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CB0F8D
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [EB, 88] {JMP 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CB0F9E
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CA0042
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CA0FB7
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CA001D
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CA0FC8
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CA0FE3
.text C:\WINDOWS\system32\svchost.exe[1020] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025E0FE5
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025E0073
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025E0062
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025E0F88
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025E0051
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025E0036
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025E00B5
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025E008E
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025E00F2
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025E00D7
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 025E0103
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 025E0FB9
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 025E0FCA
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 025E0F63
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 025E0025
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 025E0000
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 025E00C6
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 025D0025
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 025D006C
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 025D0FD4
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 025D0FE5
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 025D0051
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 025D0000
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 025D0FAF
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [7D, 8A] {JGE 0xffffffffffffff8c}
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 025D0036
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01B90FAB
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!system 77C293C7 5 Bytes JMP 01B90036
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01B90FCD
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01B90000
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01B90FBC
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01B90011
.text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B80FEF
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01B70FE5
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01B70000
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01B70FD4
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01B7001B
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00860000
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0086009D
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00860FA8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00860076
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00860065
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00860FC3
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00860F7C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00860F8D
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00860F61
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00860104
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00860F50
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0086004A
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00860FE5
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 008600B8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00860FD4
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00860025
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 008600E9
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00850FBC
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0085004A
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00850FCD
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00850FDE
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00850039
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00850FEF
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00850FA1
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [A5, 88]
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00850028
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00840F90
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!system 77C293C7 5 Bytes JMP 00840011
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00840FC6
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00840000
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00840FAB
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00840FE3
.text C:\WINDOWS\system32\svchost.exe[1240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00830FEF
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0093
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0082
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0071
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD004A
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0FB2
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0F72
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F83
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD00D5
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0F3C
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CD0F21
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CD0039
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CD00AE
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CD0FC3
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CD0FD4
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CD0F4D
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CC0036
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CC0076
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CC0025
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CC0FB9
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CC0FCA
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [EC, 88]
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CB0038
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CB001D
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CB000C
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_open 77C2F566 3 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_open + 4 77C2F56A 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CB0FAD
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CB0FD2
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00C9000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03300000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03300036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03300F4B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03300025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03300F72
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03300F9E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03300F15
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03300F26
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03300093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03300EF0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 033000A4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03300F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03300FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03300051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03300FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 03300FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 03300078
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 032F0FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 032F007D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 032F002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 032F001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 032F006C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 032F0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 032F0051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 032F0FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 032E0F9E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!system 77C293C7 5 Bytes JMP 032E0FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 032E0029
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!_open 77C2F566 5 Bytes JMP 032E000C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 032E0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 032E0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] WS2_32.dll!socket 71AB4211 5 Bytes JMP 032D0000
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F70
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F81
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0051
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F55
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0091
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F33
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00CC
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F18
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0080
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0040
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F44
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FD1
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0029007D
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0029002C
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290011
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290062
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290FC0
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [49, 88]
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0029003D
.text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F97
.text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FCD
.text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0022
.text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\Explorer.EXE[3796] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[3796] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[3796] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C0025
.text C:\WINDOWS\Explorer.EXE[3796] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 002C0036
.text C:\WINDOWS\Explorer.EXE[3796] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02580FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
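An added example, not part of the thread above: a small Python triage helper for the user-mode part of a GMER log like the one posted. Two things are worth pulling out of the ".text" and "IAT" sections mechanically. First, GMER appends a module path to a JMP target it can attribute to a loaded image (compare the kernel lines at the top of the log, which name mfehidk.sys); a bare hex address therefore points into memory GMER did not attribute to any module, and grouping those addresses by 64 KiB page shows how many such regions each process carries and which APIs funnel into each. Second, the same API set hooked in every process is the signature of something that injects everywhere rather than a hook aimed at one target. Whether such a region belongs to a security product's user-mode hooking or to malware cannot be decided from the log alone; the grouping is what you compare against the products installed. The sample lines are constructed copies in the log's format; the "anon:" labels and the cross-process comparison are this example's own conventions, not GMER output.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the exact shape of the "User code sections"
# and "User IAT/EAT" parts of the GMER log above. Pass the full log text to
# parse_gmer_user_hooks() to triage a real scan.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA000A
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F33
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290FC0
.text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [49, 88]
.text C:\WINDOWS\Explorer.EXE[3796] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[3796] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02580FEF
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH)
"""

# ".text <process>[<pid>] <module>!<export>[ + off] <addr> <n> Bytes <patch>"
INLINE_RE = re.compile(
    r"^\.text (?P<proc>.+?\[\d+\]) (?P<api>\S+(?: \+ \d+)?) "
    r"(?P<addr>[0-9A-F]{8}) (?P<nbytes>\d+) Bytes (?P<patch>.+)$"
)
# "IAT <process>[<pid>] @ <importing module> [<import>] [<new addr>] <target>"
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?\[\d+\]) @ (?P<module>.+?) \[(?P<import>[^\]]+)\] "
    r"\[(?P<addr>[0-9A-F]+)\] (?P<target>.+)$"
)
# GMER appends "(description/vendor)" to every path it could identify.
TARGET_RE = re.compile(r"^(?P<path>.+) \((?P<desc>[^()]*)\)$")


def _strip_desc(s):
    t = TARGET_RE.match(s)
    return t.group("path") if t else s


def parse_gmer_user_hooks(text):
    """Group the user-mode hooks of a GMER log by process and hook target.

    Returns (inline, iat):
      inline[proc][region] -> sorted APIs whose patched prologue jumps into
          `region`: a module path when GMER named one, "anon:XXXX" for the
          64 KiB page of a bare address (memory GMER attributed to no loaded
          image), or "fragment" for a patch shown as raw bytes.
      iat[proc][dll] -> sorted imports whose IAT slot now points into `dll`.
    """
    inline = defaultdict(lambda: defaultdict(set))
    iat = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = INLINE_RE.match(line)
        if m:
            jmp = re.fullmatch(r"JMP ([0-9A-F]{8})(?: (.+))?", m.group("patch"))
            if jmp is None:
                region = "fragment"
            elif jmp.group(2):
                region = _strip_desc(jmp.group(2))
            else:
                page = int(jmp.group(1), 16) >> 16
                region = f"anon:{page:04X}"
            inline[m.group("proc")][region].add(m.group("api"))
            continue
        m = IAT_RE.match(line)
        if m:
            iat[m.group("proc")][_strip_desc(m.group("target"))].add(m.group("import"))
    freeze = lambda d: {p: {k: sorted(v) for k, v in r.items()} for p, r in d.items()}
    return freeze(inline), freeze(iat)


def shared_hooked_apis(inline):
    """APIs inline-hooked in every listed process: the signature of something
    that injects into all processes rather than a hook aimed at one target."""
    per_proc = [
        {api for region, apis in regions.items() if region != "fragment" for api in apis}
        for regions in inline.values()
    ]
    return set.intersection(*per_proc) if per_proc else set()


def triage(text):
    """One summary line per (process, hook region), then the cross-process set."""
    inline, iat = parse_gmer_user_hooks(text)
    lines = []
    for proc, regions in inline.items():
        for region, apis in regions.items():
            lines.append(f"{proc}: {len(apis)} inline hook(s) -> {region}: {', '.join(apis)}")
    for proc, targets in iat.items():
        for dll, imports in targets.items():
            lines.append(f"{proc}: {len(imports)} IAT slot(s) -> {dll}: {', '.join(imports)}")
    shared = sorted(shared_hooked_apis(inline))
    lines.append("hooked in every process: " + (", ".join(shared) or "none"))
    return lines


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

Run it against the complete log text rather than the sample to see the full picture: every process in the log that carries the same kernel32/ADVAPI32/msvcrt/WS2_32/WININET hook set into its own "anon:" pages, versus the IAT redirections that GMER resolved to a named, vendor-described DLL.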

markusg 09.05.2011 14:54

Hello,
1. Do you still have the link? If so, send it to me as a private message.
2. Does the PC show any symptoms? If so, which?

zn8b3opd6v 09.05.2011 15:01

Thanks for the quick reaction, markusg.
1. I still have the link. Where do I find your private email address?
2. No symptoms. But that doesn't have to mean anything...
Thanks. Regards, zn

markusg 09.05.2011 15:03

Click on my name, i.e. on markusg, then on "send message", then "send private message"; enter a subject first and then the link.

markusg 09.05.2011 15:15

OK, the site is offline.

Download Malwarebytes:
Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
Install it, open it, "Update" tab, update the program.
Close all running programs, disconnect the internet connection.
"Scanner" tab, full scan, remove findings, post the log.

zn8b3opd6v 09.05.2011 16:55

Thanks. What does "remove findings" mean?
The scan is done. I need nc.exe from time to time. That's okay.
Is the other stuff okay too? Many thanks in advance. Regards, nz

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6538

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.05.2011 17:53:37
mbam-log-2011-05-09 (17-53-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 271970
Time elapsed: 32 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (PUM.Hijack.Run) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (PUM.Hijack.Drives) -> Bad: (4) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\Bat\nc.exe (Backdoor.NetCat) -> No action taken.

markusg 09.05.2011 17:13

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (PUM.Hijack.Run) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (PUM.Hijack.Drives) -> Bad: (4) Good: (0) -> No action taken.
Select these via "Show results" and remove them.
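An added example, not part of the thread: what the two "PUM" (potentially unwanted modification) lines in the Malwarebytes log above actually say, decoded in Python. Both are Explorer policy values under HKCU\...\Policies\Explorer: NoRun = 1 removes the Run command from the Start menu, and NoDrives is a bitmask of drive letters hidden in Explorer (bit 0 = A:, bit 1 = B:, bit 2 = C:, ...), so "Bad: (4)" means drive C: was hidden. Neither value is malware by itself, which is why MBAM classes them as PUM rather than as a trojan and leaves the decision to you; decoding them tells you what the user would have noticed. The two sample lines are copied from the log; the parser, the decoding and the optional live registry read (Windows only) are this example's own code.

```python
import re

# Constructed sample: the two "Registry Data Items Infected" lines from the
# Malwarebytes log above, in the form MBAM 1.50 prints them.
SAMPLE_MBAM = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (PUM.Hijack.Run) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (PUM.Hijack.Drives) -> Bad: (4) Good: (0) -> No action taken.
"""

# "<key>\<value> (<detection>) -> Bad: (<n>) Good: (<n>) -> <action>"
MBAM_DATA_RE = re.compile(
    r"^(?P<key>.+)\\(?P<value>[^\\]+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\) -> (?P<action>.+)$"
)

EXPLORER_POLICY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def drives_from_mask(mask):
    """Decode Explorer's NoDrives bitmask: bit 0 = A:, bit 1 = B:, ..., bit 25 = Z:."""
    return [chr(ord("A") + i) for i in range(26) if mask & (1 << i)]


def explain_policy(name, value):
    """What a given Explorer policy value does to the user (only the two MBAM
    flagged here are decoded; anything else is reported verbatim)."""
    if name == "NoDrives":
        hidden = drives_from_mask(value)
        return "hides drive(s) " + (", ".join(hidden) if hidden else "none") + " in Explorer"
    if name == "NoRun":
        return "removes the Run command from the Start menu" if value else "Run command available"
    return f"policy {name} = {value}"


def decode_mbam_pum(text):
    """Parse MBAM 'Registry Data Items' lines into dicts with a decoded meaning."""
    items = []
    for line in text.splitlines():
        m = MBAM_DATA_RE.match(line)
        if not m:
            continue
        bad, good = int(m.group("bad")), int(m.group("good"))
        item = {
            "key": m.group("key"), "value": m.group("value"),
            "detection": m.group("detection"), "bad": bad, "good": good,
            "action": m.group("action"), "meaning": explain_policy(m.group("value"), bad),
        }
        if m.group("value") == "NoDrives":
            item["hidden_drives"] = drives_from_mask(bad)
        items.append(item)
    return items


def read_live_explorer_policies(names=("NoRun", "NoDrives")):
    """Read the same values from the live registry to confirm the cleanup
    (HKCU and HKLM). Windows only: returns {} where winreg is unavailable."""
    try:
        import winreg
    except ImportError:
        return {}
    found = {}
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER),
                            ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            with winreg.OpenKey(hive, EXPLORER_POLICY) as key:
                for name in names:
                    try:
                        value, _ = winreg.QueryValueEx(key, name)
                    except FileNotFoundError:
                        continue
                    found[f"{hive_name}\\{name}"] = value
        except FileNotFoundError:
            continue
    return found


if __name__ == "__main__":
    for item in decode_mbam_pum(SAMPLE_MBAM):
        print(f"{item['value']} = {item['bad']} ({item['detection']}): {item['meaning']}")
    for name, value in read_live_explorer_policies().items():
        print(f"live: {name} = {value}")
```

After removing the entries in MBAM and rebooting, read_live_explorer_policies() on the affected machine should return an empty dict (or at least no NoRun/NoDrives entries); a value that comes back means the policy was re-set by something, which would be worth a second look.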

zn8b3opd6v 09.05.2011 17:58

I did that and rebooted. That's it? Or should I check something else? Was it something serious?
Many thanks for the super-fast answers.
Regards, zn
PS: for a human you're too fast, but for a bot you're too intelligent. Regards, zn

markusg 09.05.2011 18:07

Nothing serious.
Download CCleaner Slim:
Piriform - Builds
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
Behind every program you need, write "needed".
Behind every one you don't need, "unnecessary".
Behind ones unknown to you, "unknown".
Post the list.

zn8b3opd6v 10.05.2011 07:10

I think I need most of it. With the MS stuff I'm of course not entirely sure...
needed 7-Zip 9.20
needed ActivePerl 5.12.3 Build 1204 ActiveState 5.12.1204
needed Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 10.0.12.36
needed Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.2.152.32
needed Adobe Reader 9 Adobe Systems Incorporated 9.0.0
needed CCleaner Piriform 3.06
needed Citrix ICA Client englisch 9.150.39151
needed Citrix WEB Client
needed Compatibility Pack for the 2007 Office system Microsoft Corporation 12.0.6021.5000
needed doPDF Softland 7.1
needed doPDF 6.2.301
needed Dot Net Framework 3.5 SP1
needed eDocPrinter PDF Pro Ver 6.24 ITEKSOFT Corporation
needed IBM Lotus Quickr Connectors IBM 8.5.0.882
needed Intel(R) Graphics Media Accelerator Driver Intel Corporation 6.14.10.5179
needed J2SE Runtime Environment 5.0 Update 7 Sun Microsystems, Inc. 1.5.0.70
needed Java(TM) 6 Update 24 Sun Microsystems, Inc. 6.0.240
needed KeePass Password Safe 2.14 Dominik Reichl
needed Lotus Notes 8.5.2 IBM 8.52.10222
needed Malwarebytes' Anti-Malware Malwarebytes Corporation
needed McAfee VirusScan Enterprise McAfee, Inc. 8.6.0
needed MetaFrame Presentation Server Client Citrix Systems, Inc. 9.150.39151
needed Microsoft .NET Framework 1.1
needed Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
needed Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 2.2.30729
needed Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
needed Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 3.2.30729
needed Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation
needed Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
needed Microsoft Office 2003 French User Interface Pack Microsoft Corporation 11.0.7969.0
needed Microsoft Office 2003 French User Interface Pack 11.0 SP2
needed Microsoft Office 2003 German User Interface Pack Microsoft Corporation 11.0.7969.0
needed Microsoft Office 2003 German User Interface Pack 11.0 SP2
needed Microsoft Office 2003 Italian User Interface Pack Microsoft Corporation 11.0.5614.0
needed Microsoft Office 2003 Italian User Interface Pack 11.0 SP2
needed Microsoft Office Live Meeting 2007 Microsoft Corporation 8.0.6362.128
needed Microsoft Office Standard 2003 SP2
needed Microsoft Office Standard Edition 2003 Microsoft Corporation 11.0.7969.0
needed Microsoft Office Visio 2003 French User Interface Pack Microsoft Corporation 11.0.7969.0
needed Microsoft Office Visio 2003 German User Interface Pack Microsoft Corporation 11.0.7969.0
needed Microsoft Office Visio 2003 Italian User Interface Pack Microsoft Corporation 11.0.7969.0
needed Microsoft Office Visio Standard 2003 Microsoft Corporation 11.0.3216.5614
needed Microsoft Silverlight Microsoft Corporation 3.0.50106.0
needed Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.56336
needed MindManager X5 Mindjet LLC 5.2.344
needed Mozilla Firefox (3.6.17) Mozilla 3.6.17 (en-US)
needed PingPlotter Standard 3.30.4s Nessoft, LLC 3.30.4s
needed Project Reader K-SOL S.r.l. 3.06.0000
needed Quality Center Client Side HP 9.2.0.0
needed Realtek High Definition Audio Driver Realtek Semiconductor Corp.
needed Sybase Adaptive Server Enterprise Suite
needed Sybase Software Developer's Kit 12.5.1 ESD 8
needed TANDBERG ConferenceMe (TM) TANDBERG 1.0.1.2
needed Test_Lotus Notes 8.5.2 EN
needed VitalQIP
needed VLC media player 1.1.7 VideoLAN 1.1.7
needed Windows Internet Explorer 8 Microsoft Corporation 20090308.140743
needed WinMerge 2.4.10.0 Thingamahoochie Software 2.4.10.0
needed WinPcap 4.1.2 CACE Technologies 4.1.0.2001
needed WinSCP 4.3.2 Martin Prikryl 4.3.2
needed Wireshark 1.4.3 The Wireshark developer community, Wireshark Go deep. 1.4.3

markusg 10.05.2011 09:21

Adobe Reader 9
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.
Open Adobe Reader, Edit, Preferences, JavaScript, untick the box there;
Internet, likewise untick everything.
That way PDFs are no longer loaded automatically and no malicious code can be slipped to you this way.
Under General, tick "Use only certified plug-ins".
Under Updater, set it to "install".
Click Apply/OK.

Uninstall:
J2SE
Java(TM) 6 Update 24
Java SE Downloads
Click "Download JRE".
Mozilla Firefox: version 4 is already available here.
Install the update via Help.

Clean up with CCleaner.

zn8b3opd6v 10.05.2011 11:36

Thanks. I'm through with that so far. Many thanks for the super help and the super response time. Regards, zn

markusg 10.05.2011 11:47

We can harden the PC further if you like.

zn8b3opd6v 10.05.2011 12:24

Gladly, if it's not too complicated... zn

markusg 10.05.2011 12:28

First, update McAfee and scan with it.
I don't think it's complicated; you just have to get used to 2 or 3 new programs, but that doesn't take long and they will
be useful.

zn8b3opd6v 10.05.2011 12:46

Do you mean upgrade McAfee?

markusg 10.05.2011 14:04

An update; but if there is a newer version, then upgrade. You should always stay up to date there.

zn8b3opd6v 10.05.2011 15:03

Thanks. Do you consider McAfee a good solution at all? Or can you recommend something else?

markusg 10.05.2011 15:20

McAfee is fine.
Once you have scanned I'll give you further tips, because using only an AV scanner is not enough.

zn8b3opd6v 10.05.2011 16:58

So, the scan is finally done. Luckily nothing was found. What else should I install?

By the way: I have another notebook; should I open a separate thread for it? Or just continue here once we're done with the first one?
Thanks for your support so far. zn

markusg 10.05.2011 17:14

Hi, what's up with the notebook?

http://www.trojaner-board.de/96344-a...-rechners.html
Work through all!! the tips for XP there.
You can skip the limited user account; it's better to do that on a fresh installation.
Remarks on my part:

As your browser you should use Opera; it is more secure and faster.
If you don't like it I'll adapt my instructions for FF.
To make surfing safer I would recommend Sandboxie.
Download:
http://filepony.de/download-sandboxie/
Instructions:
Sandbox Settings

(as PDF)
Here are a few additional settings; don't let them unsettle you, once you have installed the program they will become clear.
Please restrict direct file access to Opera,
under
Internet access:
opera.exe
Then open Sandboxie, click Sandbox in the menu at the top, select your sandbox and then click Sandbox Settings.
There go to Applications, Web Browser, Other, and there "allow direct access to Opera bookmarks". Then Add and OK.
That way you can also save your bookmarks permanently in the sandbox.

If you get along well with the program, a licence is recommended.
1. There are then a few more functions.
2. After a month a notice appears that the program is freeware; it only disappears after a while, which I find a bit annoying.
3. The licence is valid for life, costs around 30 €, and you can use it on all PCs in your household.

From now on, please click only the "Sandboxed Web Browser" icon instead of the browser icon.
A sandbox is an environment that works isolated from the system; if a malicious program gets in here, in the best case it doesn't run, since we have restricted the sandbox, or it runs but doesn't get out.
I don't know of any malware that can do that at the moment.
To achieve maximum effect, this concept has to be implemented completely.
Several measures interlock here.
- Windows updates.
Automatic Windows updating closes security holes every month through which malicious code can be smuggled in.
- Updates with Secunia and FileHippo.
These programs help you keep all the remaining software up to date; here too holes are closed through which attackers smuggle in malicious code.
We use 2 programs to check for updates in order to definitely cover them all.
Updates should always be installed immediately.
This takes away a potential attacker's opportunity to smuggle in malicious code.
Of course there are always unknown holes, or known ones that are not yet closed.
Therefore:
Limited user account: this account is for daily work; the admin account only for installations.
Here programs are given restricted rights, which makes it harder for malware to establish itself in the system.
UAC:
UAC gives you control over processes that are to be started; please read the messages carefully and when in doubt click No.
DEP and SEHOP do this as well.
- Sandboxie is an important component, which I have already gone into.
One should not rely on an anti-malware program, at least not as the sole solution.
There are around 50,000 new malware variants every day; no vendor can keep up with that.
But together with the other measures taken it is quite useful, if it is configured according to the posted instructions and thus also always up to date.
The backup:
You can use this when:
- malware is on the system
- there are other problems with the PC.
With the backup the system is restored to a clean state, so run it regularly, then you won't lose any data.
If you have questions, problems, or were successful, please report back.

zn8b3opd6v 10.05.2011 17:26

Many thanks for the hardening tips. I'll need a while to digest and implement that. That is super work from you!!!

With the notebook there is actually nothing conspicuous. But to be safe I ran GMER over it:

GMER Logfile:
Code:

GMER 1.0.15.14966 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-09 21:22:47
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.15 ----

?  c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76FA7779-5ADB-45DC-8447-48C9907B375E}\MpKsl7838666f.sys  The system cannot find the file specified. !

---- EOF - GMER 1.0.15 ----

--- --- ---

markusg 10.05.2011 17:45

better post otl logs. gmer only looks for rootkits.

zn8b3opd6v 10.05.2011 18:03

otl? what is that?

markusg 10.05.2011 18:04

System scan with OTL
download otl:
http://filepony.de/download-otl/

Double-click OTL.exe
(users of Windows 7 and Vista: right-click, run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. 2 reports will be created:
OTL.Txt
Extras.Txt
post both
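The first pass a helper makes over OTL.Txt is mostly pattern matching on a few line types. As an added example that is neither from this thread nor from OTL itself, the Python script below does that first pass over lines in the format OTL produces (section headers, PRC/SRV/DRV entries, Oxx registry entries); the category names are my own, and the sample lines it embeds are copied from the log posted in this thread.

```python
"""Triage helper for OTL.Txt logs (the format posted in this thread).

Added example, not part of the forum thread or of OTL itself.
Flags the line types a helper usually checks first:
  - services/drivers whose file is missing ("File not found")
  - loaded files and autostarts with an empty publisher field "( )"
  - registry entries OTL could not read ("Reg Error")
  - MountPoints2 AutoRun commands for removable/optical volumes
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Sample lines reproduced from the OTL log posted in this thread (a few lines
# per section, so the example runs offline).
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lmabcoms.exe ( )
========== Win32 Services (SafeList) ==========
SRV - (ACDaemon) --  File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (MpKsl7838666f) --  File not found
DRV - (ndfs) -- C:\Program Files\MacroData Inc\NetDrive\NDFS.sys (MacroData Inc.)
========== Standard Registry (SafeList) ==========
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{0b01d434-cf46-11dd-a188-544858770508}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O35 - HKLM\..exefile [open] -- "%1" %*
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
ENTRY_RE = re.compile(r"^(PRC|MOD|SRV|DRV|O\d+) - (.*)$")
EMPTY_PUBLISHER_RE = re.compile(r"\(\s*\)\s*$")   # trailing "()" or "( )"

# Entry types whose lines end in a "(Publisher)" field in OTL output.
PUBLISHER_TYPES = {"PRC", "MOD", "SRV", "DRV", "O4", "O20"}


@dataclass
class Finding:
    section: str
    kind: str
    line: str


def classify(kind: str, body: str) -> str:
    """Return a finding category for one OTL entry, or "" if nothing to flag."""
    if body.endswith("File not found"):
        return "file-not-found"      # registered service/driver, binary gone
    if kind == "O33" and r"\AutoRun\command" in body:
        return "autorun-command"     # what runs when that volume is inserted
    if "(Reg Error:" in body:
        return "reg-error"           # OTL could not read the key
    if kind in PUBLISHER_TYPES and EMPTY_PUBLISHER_RE.search(body):
        return "no-publisher"        # unsigned/unknown vendor, verify by hand
    return ""


def triage_otl(text: str) -> List[Finding]:
    """Walk an OTL.Txt, tracking its '==========' section headers, and collect findings."""
    findings: List[Finding] = []
    section = "(no section)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue   # header lines and file listings are not triaged here
        kind, body = entry.groups()
        category = classify(kind, body)
        if category:
            findings.append(Finding(section, category, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. {"file-not-found": 2, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = triage_otl(SAMPLE_OTL)
    for f in results:
        print(f"[{f.kind:16}] {f.section}: {f.line}")
    print(summarize(results))
```

A flagged line is a starting point for the helper, not a verdict: the two "File not found" entries here are a stale service and a rotated Microsoft Antimalware definition driver, which the log itself explains.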

zn8b3opd6v 10.05.2011 21:20

Here's the stuff. Thanks in advance.

OTL Logfile:
Code:

OTL logfile created on: 10.05.2011 21:37:33 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\tdo114\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 122,98 Gb Free Space | 26,40% Space Free | Partition Type: NTFS
 
Computer Name: ONEHEART | User Name: tdo114 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\tdo114\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MacroData Inc\NetDrive\netdrive.exe (MacroData Inc.)
PRC - C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe (MacroData Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
PRC - C:\WINDOWS\system32\lmabcoms.exe ( )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\tdo114\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) --  File not found
SRV - (ndsvc) -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe (MacroData Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (lmab_device) -- C:\WINDOWS\System32\LMabcoms.exe ( )
SRV - (SR_Watchdog) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
SRV - (SR_Service) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- c:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- c:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- c:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsl7838666f) --  File not found
DRV - (MpKsle7d0f56f) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{132EDCB5-8701-46B1-BB67-6E6C6CCD7A7D}\MpKsle7d0f56f.sys (Microsoft Corporation)
DRV - (ndfs) -- C:\Program Files\MacroData Inc\NetDrive\NDFS.sys (MacroData Inc.)
DRV - (NETwLx32)    Intel(R) -- C:\WINDOWS\system32\drivers\NETwLx32.sys (Intel Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (CP_OMDRV) -- C:\WINDOWS\system32\drivers\omdrv.sys (Check Point Software Technologies)
DRV - (FW1) -- C:\WINDOWS\system32\drivers\fw.sys (Check Point Software Technologies)
DRV - (VNASC) -- C:\WINDOWS\system32\drivers\vnasc.sys (Check Point Software Technologies)
DRV - (VPN-1) -- C:\WINDOWS\System32\drivers\vpn.sys (Check Point Software Technologies)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (NETMDUSB) -- C:\WINDOWS\system32\drivers\NETMD052.sys (Sony Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.09 18:54:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 14:18:46 | 000,000,000 | ---D | M]
 
[2010.07.23 23:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tdo114\Application Data\Mozilla\Extensions
[2011.05.10 19:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tdo114\Application Data\Mozilla\Firefox\Profiles\bgpwf7j0.default\extensions
[2011.04.03 17:11:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\tdo114\Application Data\Mozilla\Firefox\Profiles\bgpwf7j0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.10 19:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.28 10:31:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.06.03 17:33:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2011.02.21 18:31:30 | 000,001,195 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 192.168.178.31        clemens-iphone        tdo114s-iPhone
O1 - Hosts: 192.168.178.23        yuko-wlan        yuko-pc
O1 - Hosts: 192.168.178.22        lexmark        printer et0021b730800d
O1 - Hosts: 192.168.178.28 ET0021B730800D lexmark ET0021B730800D.fritz.box
O1 - Hosts: 10.122.30.150        munich1
O1 - Hosts: 10.122.30.151        munich4
O1 - Hosts: 10.122.30.152        munich8
O1 - Hosts: 10.138.224.231        munich102
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Biomenu] C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Netdrive] C:\Program Files\MacroData Inc\NetDrive\netdrive.exe (MacroData Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1004..\Run: [PureSync] C:\Program Files\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk = C:\Program Files\WISO\Steuersoftware 2011\mshaktuell.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-789336058-1214440339-839522115-1004\..Trusted Domains: linde.com ([eu.secure] https in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://places.linde.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://eu.secure.linde.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (PSLogon.dll) - C:\WINDOWS\System32\PSLogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\psfus: DllName - fusstub.dll - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.17 22:42:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b01d434-cf46-11dd-a188-544858770508}\Shell - "" = AutoRun
O33 - MountPoints2\{0b01d434-cf46-11dd-a188-544858770508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b01d434-cf46-11dd-a188-544858770508}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0b01d436-cf46-11dd-a188-544858770508}\Shell - "" = AutoRun
O33 - MountPoints2\{0b01d436-cf46-11dd-a188-544858770508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b01d436-cf46-11dd-a188-544858770508}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3d7675df-cf49-11dd-a189-0019d2254f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{3d7675df-cf49-11dd-a189-0019d2254f8b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d7675df-cf49-11dd-a189-0019d2254f8b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{417cd7fc-6751-11de-a1b7-0013a98fe766}\Shell\AutoRun\command - "" = H:\EmDesk.exe
O33 - MountPoints2\{417cd7fc-6751-11de-a1b7-0013a98fe766}\Shell\EmDesk\command - "" = H:\EmDesk.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.10 19:38:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tdo114\Desktop\OTL.exe
[2011.04.25 19:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.04.16 22:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eMindMaps
[2011.04.16 22:19:55 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\tdo114\My Documents\My Safe
[2011.01.16 17:07:21 | 000,401,408 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2011.01.16 17:06:50 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpmui.dll
[2011.01.16 17:06:49 | 001,040,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabserv.dll
[2011.01.16 17:06:49 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabusb1.dll
[2011.01.16 17:06:49 | 000,479,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpar1.dll
[2011.01.16 17:06:49 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiesc.dll
[2011.01.16 17:06:48 | 000,905,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabip1.dll
[2011.01.16 17:06:48 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lmablmpm.dll
[2011.01.16 17:06:48 | 000,450,560 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiobj.dll
[2011.01.16 17:06:48 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabinpa.dll
[2011.01.16 17:06:48 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabhcp.dll
[2011.01.16 17:06:47 | 000,593,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcoms.exe
[2011.01.16 17:06:47 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomm.dll
[2011.01.16 17:06:46 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.10 19:40:28 | 000,001,768 | -H-- | M] () -- C:\Documents and Settings\tdo114\My Documents\Default.rdp
[2011.05.10 19:37:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tdo114\Desktop\OTL.exe
[2011.05.09 21:39:23 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MindManager X5.lnk
[2011.05.09 19:30:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.05.03 22:08:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.03 22:07:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.05.03 21:59:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.01 18:13:55 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011.05.01 18:07:35 | 000,000,661 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2011.04.25 20:07:58 | 000,000,167 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2011.04.25 19:39:35 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011.04.22 10:47:45 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011.04.16 22:40:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eMindMaps.lnk
[2011.04.15 19:00:27 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.15 18:52:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.15 18:52:00 | 000,442,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.15 18:52:00 | 000,071,882 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.16 22:40:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eMindMaps.lnk
[2010.10.03 19:10:16 | 000,054,324 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.06.06 17:57:16 | 000,000,073 | ---- | C] () -- C:\WINDOWS\MindManager.INI
[2010.05.20 17:33:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2010.05.20 17:33:36 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2010.03.06 09:12:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.02.18 21:57:22 | 000,000,661 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2009.12.18 20:02:13 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.09.13 16:56:12 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009.05.16 21:02:36 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009.03.06 17:33:26 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\epdf0407.dll
[2009.03.06 17:31:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\epdf0406.dll
[2009.02.06 21:50:01 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\tdo114\Local Settings\Application Data\fusioncache.dat
[2009.01.15 20:04:42 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.01.09 00:16:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009.01.08 19:24:50 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009.01.08 19:24:50 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009.01.08 19:24:50 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009.01.08 19:24:50 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009.01.08 19:24:50 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009.01.08 19:24:50 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009.01.08 19:24:50 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009.01.08 19:24:50 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009.01.08 19:24:50 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009.01.08 19:24:50 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009.01.08 19:24:50 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009.01.08 19:24:50 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009.01.08 19:24:50 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009.01.08 19:24:50 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009.01.08 19:24:50 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009.01.08 19:24:50 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009.01.08 19:24:50 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009.01.08 19:24:50 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009.01.08 19:24:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.12.24 17:25:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.12.23 21:55:01 | 000,000,250 | ---- | C] () -- C:\WINDOWS\PSIDATA.INI
[2008.12.21 13:36:53 | 000,068,946 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2008.12.21 13:36:53 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2008.12.21 11:50:42 | 000,228,216 | ---- | C] () -- C:\WINDOWS\OptionPCCardInstaller_tmccUninstall.exe
[2008.12.20 19:16:26 | 000,017,596 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.12.20 19:16:24 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.12.20 17:27:52 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\tdo114\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.20 17:15:06 | 000,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.12.20 10:18:29 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008.12.19 23:35:52 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008.12.19 23:35:52 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.12.19 23:34:53 | 000,000,704 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008.12.19 23:24:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.12.19 23:24:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.12.19 23:24:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.12.19 23:24:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.12.19 23:24:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.12.19 23:24:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.12.19 23:24:22 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008.12.19 23:24:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2008.12.19 22:16:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.12.19 20:57:45 | 000,000,167 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2008.12.19 01:35:45 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin
[2008.12.19 01:35:45 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin
[2008.12.18 00:59:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.12.17 23:50:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008.12.17 23:49:21 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008.12.17 23:28:03 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.12.17 23:21:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.12.17 23:20:00 | 000,290,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.12.17 22:43:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.12.17 22:39:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008.01.29 17:15:16 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008.01.29 17:15:04 | 000,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2007.10.22 08:53:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2007.08.06 13:34:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\bmverify.exe
[2006.10.31 18:37:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006.08.10 16:00:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2006.06.20 10:45:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.07.22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 14:00:00 | 000,442,112 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 14:00:00 | 000,071,882 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2008.12.21 13:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Birdstep Technology
[2008.12.18 00:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Protector Suite
[2010.05.21 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2010.02.18 21:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buhl Data Service GmbH
[2010.04.12 21:48:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010.04.30 18:39:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008.12.20 10:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009.05.30 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEConfiguration1und1
[2011.02.15 18:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008.12.20 17:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
[2009.05.16 20:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2008.12.20 10:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009.07.16 21:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.06.03 16:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010.10.03 16:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.21 18:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2010.05.21 18:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2010.02.18 21:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Buhl Data Service
[2010.05.21 18:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Bytemobile
[2010.04.30 18:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Canon
[2008.12.25 18:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\DMCache
[2010.05.21 18:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\FRITZ!
[2008.12.19 23:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\InterVideo
[2011.01.28 22:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Jumping Bytes
[2011.02.15 18:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks
[2011.05.01 18:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\KeePass
[2010.11.25 08:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\NetDrive
[2008.12.19 21:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\OfficeUpdate12
[2010.08.01 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Opera
[2010.07.22 22:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Panasonic
[2008.12.19 20:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Protector Suite
[2010.05.21 18:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Vodafone
[2010.05.22 20:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Vodafone Mobile Connect
[2010.02.11 18:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Wireshark
[2005.01.05 00:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Protector Suite
[2011.05.03 22:07:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.10.07 22:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008.12.20 00:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2010.11.05 14:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008.12.24 15:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009.01.11 19:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010.05.21 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2010.02.18 21:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buhl Data Service GmbH
[2010.04.12 21:48:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010.04.30 18:39:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008.12.20 10:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010.05.21 18:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010.07.22 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009.05.30 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEConfiguration1und1
[2008.12.18 01:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011.02.15 18:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011.01.27 20:07:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008.12.20 17:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
[2008.12.20 03:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009.05.16 20:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2011.03.27 17:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010.08.01 09:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2008.12.19 20:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008.12.20 10:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009.09.13 16:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010.02.22 12:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009.07.16 21:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.06.03 16:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2008.12.19 19:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010.10.03 16:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.02.04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010.10.03 16:42:21 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
[2010.11.22 23:30:34 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.1.0.56\SetupAdmin.exe
[2010.12.19 15:09:31 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.1.1.4\SetupAdmin.exe
[2011.02.06 12:46:07 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.1.2.17\SetupAdmin.exe
[2011.03.07 20:32:48 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.2.0.34\SetupAdmin.exe
[2011.03.21 20:31:09 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.2.1.1\SetupAdmin.exe
[2011.04.25 19:31:32 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.2.2.12\SetupAdmin.exe
[2008.11.20 15:06:44 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe
 
< %APPDATA%\*. >
[2009.03.07 20:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Adobe
[2009.01.06 12:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Ahead
[2010.11.05 14:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Apple Computer
[2010.03.31 21:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\ArcSoft
[2010.02.18 21:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Buhl Data Service
[2010.05.21 18:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Bytemobile
[2010.04.30 18:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Canon
[2008.12.25 18:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\DMCache
[2009.08.16 12:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\dvdcss
[2010.05.21 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\FLEXnet
[2010.05.21 18:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\FRITZ!
[2009.01.11 16:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Help
[2008.12.19 20:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Identities
[2008.12.19 20:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Intel
[2008.12.19 23:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\InterVideo
[2011.01.28 22:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Jumping Bytes
[2011.02.15 18:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks
[2011.05.01 18:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\KeePass
[2008.12.19 21:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Macromedia
[2011.03.08 21:56:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\tdo114\Application Data\Microsoft
[2010.07.23 23:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Mozilla
[2010.11.25 08:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\NetDrive
[2008.12.19 21:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\OfficeUpdate12
[2010.08.01 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Opera
[2010.07.22 22:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Panasonic
[2008.12.19 20:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Protector Suite
[2009.03.01 15:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Real
[2009.09.13 17:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Sony Corporation
[2010.02.22 12:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Sun
[2010.05.21 18:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Vodafone
[2010.05.22 20:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Vodafone Mobile Connect
[2010.02.11 18:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\Wireshark
 
< %APPDATA%\*.exe /s >
[2010.06.08 09:24:36 | 000,304,496 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsCacheCleaner.exe
[2010.06.08 09:24:36 | 000,045,168 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Cache Cleaner 6.5.0\uninstall.exe
[2011.01.10 00:05:24 | 000,075,384 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Host Checker\64bitProxy.exe
[2010.06.08 09:32:32 | 000,300,400 | ---- | M] (Juniper Networks") -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe
[2010.06.08 09:32:34 | 000,234,864 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
[2010.06.08 09:32:34 | 000,157,040 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Host Checker\InstallHelper.exe
[2010.06.08 09:32:44 | 000,056,072 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Host Checker\uninstall.exe
[2010.06.03 01:46:12 | 000,132,464 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Setup Client\dsmmf.exe
[2010.06.03 01:46:12 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2010.06.03 01:45:36 | 000,330,088 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2010.06.03 01:44:10 | 000,218,232 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2010.06.03 01:46:18 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\Setup Client\uninstall.exe
[2010.06.03 01:44:06 | 000,062,904 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\setup\dsmmf.exe
[2010.06.03 01:44:04 | 000,042,432 | R--- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\setup\JuniperSetupApp.exe
[2010.06.03 01:44:06 | 000,116,080 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\setup\JuniperSetupClient.exe
[2011.02.15 18:27:40 | 000,037,464 | ---- | M] () -- C:\Documents and Settings\tdo114\Application Data\Juniper Networks\setup\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 04:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002.08.29 04:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2003.02.04 19:20:52 | 000,032,869 | ---- | M] () MD5=CE5E1F8F0E54F7BF3403F2D8FCD696FE -- C:\Program Files\Perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 06:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.12.17 23:18:52 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.12.17 23:18:52 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.12.17 23:18:52 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:4822140BF83F89D8
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

< End of report >

--- --- ---
OTL Logfile:

OTL Extras logfile created on: 10.05.2011 21:37:33 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\tdo114\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 122,98 Gb Free Space | 26,40% Space Free | Partition Type: NTFS
 
Computer Name: ONEHEART | User Name: tdo114 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = PFE32] -- C:\Program Files\Pfe\PFE32.EXE ()
.cmd [@ = PFE32] -- C:\Program Files\Pfe\PFE32.EXE ()
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.ini [@ = PFE32] -- C:\Program Files\Pfe\PFE32.EXE ()
.txt [@ = PFE32] -- C:\Program Files\Pfe\PFE32.EXE ()
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
"D:\Setup\HPZnet01.exe" = D:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Documents and Settings\tdo114\Local Settings\Temp\Nero Web\SetupXu.exe" = C:\Documents and Settings\tdo114\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:HP AiO Fax Manager
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:Embedded Web Server Link application
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw
"C:\Program Files\1&1\FritzDsl.exe" = C:\Program Files\1&1\FritzDsl.exe:*:Enabled:FritzDsl.exe
"C:\Program Files\1&1\FBOXDIAG.EXE" = C:\Program Files\1&1\FBOXDIAG.EXE:*:Enabled:FBOXDIAG.EXE
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe" = C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe:*:Enabled:NetDrive service -- (MacroData Inc.)
"C:\WINDOWS\system32\lmabcoms.exe" = C:\WINDOWS\system32\lmabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP Server -- ( )
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.31
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B63F6AD-3DBF-4585-A5FC-CB73CE793D53}" = ActivePerl 5.8.0 Build 805
"{8DF4C627-4AF3-4245-9F13-3518FC8584DC}" = Protector Suite QL 5.3
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901E0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP German User Interface Pack
"{901E0411-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Japanese User Interface Pack
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90530407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9FC7D8E1-F14F-11D4-943A-00E02950B496}" = Microsoft Office XP Pro Step by Step Interactive
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6978663-024B-40D6-A58E-EFF1A9C07108}" = PureSync
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{c5ae39ac-ff79-47e1-b69c-c05ac7de9cf2}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E06818F4-8543-4FC8-9365-0CFF22BE2608}" = MindManager X5
"{EAF092E3-6B95-41E8-B468-94B85DAD8603}" = eDocPrinter PDF Pro Ver 6.48
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi-Software
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Premium
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Applian FLV Player2.0.23" = Applian FLV Player
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"eMindMaps" = eMindMaps
"FLV Player" = FLV Player 2.0 (build 25)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"KeePass Password Safe_is1" = KeePass Password Safe 1.10
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"Lexmark_HostCD" = Lexmark Software Uninstall
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetDrive" = NetDrive
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"OptionPCCardInstaller_tmcc" = Option PC Cards driver package
"PingPlotter Standard" = PingPlotter Standard 3.20.1s
"ProInst" = Intel PROSet Wireless
"PureSync" = PureSync 2.8.1
"RealPlayer 6.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"Uninstall_is1" = Uninstall 1.0.0.1
"VuePrint" = VuePrint
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-789336058-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.04.2011 19:39:06 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3968
 
Error - 23.04.2011 15:10:01 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
 too short
 
Error - 24.04.2011 01:37:01 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.04.2011 01:37:01 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2032
 
Error - 24.04.2011 01:37:01 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2032
 
Error - 24.04.2011 06:59:17 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.04.2011 06:59:17 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2062
 
Error - 24.04.2011 06:59:17 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2062
 
Error - 25.04.2011 06:25:41 | Computer Name = ONEHEART | Source = Bonjour Service | ID = 100
Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
 too short
 
Error - 10.05.2011 13:51:47 | Computer Name = ONEHEART | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.22.3, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 08.05.2011 12:46:01 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 19433 seconds ago, assumi-->
 
Error - 08.05.2011 12:46:01 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: -->ng clock change.
 
Error - 08.05.2011 12:48:36 | Computer Name = ONEHEART | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{4A7AA0D3-E726-4C8F-9475-EA33357AC0C5}.  The
 backup browser is stopping.
 
Error - 09.05.2011 12:42:03 | Computer Name = ONEHEART | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the SR_Service service.
 
Error - 09.05.2011 12:42:03 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 70982 seconds ago, assumi-->
 
Error - 09.05.2011 12:42:03 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: -->ng clock change.
 
Error - 09.05.2011 12:42:08 | Computer Name = ONEHEART | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
 DHCP  Server) for the Network Card with network address 544858770508.  The following
 error  occurred:  %%1223.  Your computer will continue to try and obtain an address
on its own from  the network address (DHCP) server.
 
Error - 10.05.2011 11:37:56 | Computer Name = ONEHEART | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the SR_Service service.
 
Error - 10.05.2011 11:38:01 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 68310 seconds ago, assumi-->
 
Error - 10.05.2011 11:38:01 | Computer Name = ONEHEART | Source = FW1 | ID = 1
Description = FW1: -->ng clock change.
 
 
< End of report >

--- --- ---

markusg 11.05.2011 10:50

Apply the tips for XP here, except for SP3 and IE8.
That way the laptop will be a bit safer too.

zn8b3opd6v 11.05.2011 12:10

The instructions from yesterday? A thousand thanks! So apparently there is nothing on it either. Regards, zn

markusg 11.05.2011 12:25

Nope, it's perfect.
Yes, the instructions from yesterday.

zn8b3opd6v 11.05.2011 12:51

Thanks!!! You don't do PayPal? (for a small thank-you)

markusg 11.05.2011 14:34

Yes, we do.
Click on Kontrollzentrum (control centre), then Spende (donate).
And thx!

zn8b3opd6v 12.05.2011 18:27

Hi markusg, here are the OTL logs from the other notebook.
I still have questions about the XP measures:
How do updates work with Secunia and FileHippo?
What are UAC, DEP (okay, that one I can manage myself) and SEHOP?
Backup with the XP backup function?
Thanks in advance as always, zn

OTL Logfile:
Code:

OTL logfile created on: 12.05.2011 18:46:47 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\yuko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 66,43 Gb Free Space | 22,29% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-8F2DTUGM | User Name: yuko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\yuko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
PRC - C:\WINDOWS\system32\lmabcoms.exe ( )
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Pfe\PFE32.EXE ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\yuko\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (lmab_device) -- C:\WINDOWS\System32\LMabcoms.exe ( )
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (SR_Watchdog) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
SRV - (SR_Service) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (CP_OMDRV) -- C:\WINDOWS\system32\drivers\omdrv.sys (Check Point Software Technologies)
DRV - (FW1) -- C:\WINDOWS\system32\drivers\fw.sys (Check Point Software Technologies)
DRV - (VNASC) -- C:\WINDOWS\system32\drivers\vnasc.sys (Check Point Software Technologies)
DRV - (VPN-1) -- C:\WINDOWS\System32\drivers\vpn.sys (Check Point Software Technologies)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-299502267-1177238915-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-299502267-1177238915-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.23 19:17:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.15 18:49:03 | 000,000,000 | ---D | M]
 
[2010.07.03 19:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\yuko\Application Data\Mozilla\Extensions
[2010.07.03 19:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\yuko\Application Data\Mozilla\Firefox\Profiles\w2fzsyvt.default\extensions
[2009.08.18 23:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.31 00:24:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009.07.31 00:24:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009.07.31 00:24:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009.07.31 00:24:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2011.02.13 13:45:38 | 000,000,800 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 192.168.178.22 ET0021B730800D lexmark ET0021B730800D.fritz.box
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1177238915-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://placestest.linde.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212184580437 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.12 18:40:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\yuko\Desktop\OTL.exe
[2011.04.15 18:48:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.05.20 21:06:34 | 000,401,408 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2010.05.20 21:05:48 | 001,040,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabserv.dll
[2010.05.20 21:05:48 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabusb1.dll
[2010.05.20 21:05:48 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpmui.dll
[2010.05.20 21:05:48 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiesc.dll
[2010.05.20 21:05:47 | 000,905,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabip1.dll
[2010.05.20 21:05:47 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomc.dll
[2010.05.20 21:05:47 | 000,593,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcoms.exe
[2010.05.20 21:05:47 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lmablmpm.dll
[2010.05.20 21:05:47 | 000,479,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpar1.dll
[2010.05.20 21:05:47 | 000,450,560 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiobj.dll
[2010.05.20 21:05:47 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomm.dll
[2010.05.20 21:05:47 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabinpa.dll
[2010.05.20 21:05:47 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabhcp.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.11 21:51:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.11 21:47:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.10 19:37:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\yuko\Desktop\OTL.exe
[2011.04.25 10:15:00 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.25 10:15:00 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.15 18:49:03 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011.04.13 22:09:01 | 000,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.13 21:41:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.23 20:36:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\yuko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.15 17:29:40 | 000,000,814 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010.03.15 17:28:24 | 000,068,946 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2010.03.15 17:28:24 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.10.19 21:22:01 | 000,000,185 | ---- | C] () -- C:\WINDOWS\PSIDATA.INI
[2009.08.18 21:20:32 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin
[2009.08.18 21:20:32 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin
[2009.05.07 22:06:16 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008.08.23 19:28:49 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2008.05.31 17:03:47 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\yuko\Local Settings\Application Data\fusioncache.dat
[2008.05.31 10:16:37 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.05.31 10:16:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.05.31 10:16:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.05.31 10:16:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.05.31 10:16:37 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.05.31 10:16:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.05.31 10:16:20 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008.05.31 10:16:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2008.05.30 23:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.05.30 23:42:20 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.05.30 23:42:19 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008.05.30 23:05:57 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008.05.30 22:37:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.05.30 22:14:46 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008.05.30 22:14:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll
[2008.05.30 21:35:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.05.30 21:02:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.05.30 21:01:50 | 000,198,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.30 20:37:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008.05.30 20:36:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008.05.30 19:25:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.05.30 19:21:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.01.29 16:15:16 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008.01.29 16:15:04 | 000,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.09.15 19:39:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\epdfmonu.dll
[2005.09.15 19:38:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\epdfmon.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.01.13 18:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 14:00:00 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 14:00:00 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010.04.01 19:10:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009.05.07 22:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2008.05.31 10:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\InterVideo
[2010.04.01 19:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Canon
[2008.07.03 22:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\InterVideo
[2008.09.22 10:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\TVG
[2010.02.10 23:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Wireshark
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.01.14 23:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008.12.20 16:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010.12.23 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010.04.01 19:10:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008.05.30 23:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009.05.07 22:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008.09.12 21:01:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009.05.07 22:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2009.09.01 09:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008.05.31 00:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.08.18 23:51:44 | 001,925,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
 
< %APPDATA%\*. >
[2008.06.16 16:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Adobe
[2009.01.08 14:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Apple Computer
[2010.04.01 19:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Canon
[2008.08.23 19:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Help
[2008.05.31 11:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Identities
[2008.05.30 23:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Intel
[2008.07.03 22:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\InterVideo
[2008.05.31 15:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Macromedia
[2009.09.01 17:15:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\yuko\Application Data\Microsoft
[2010.07.03 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Mozilla
[2008.05.31 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Sony Corporation
[2008.09.22 10:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\TVG
[2010.02.10 23:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Wireshark
 
< %APPDATA%\*.exe /s >
[2009.09.11 21:12:28 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\yuko\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.05.31 00:15:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.05.31 00:15:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.05.31 00:15:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002.08.29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.05.31 00:15:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2003.02.04 18:20:52 | 000,032,869 | ---- | M] () MD5=CE5E1F8F0E54F7BF3403F2D8FCD696FE -- C:\Perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2004.08.04 00:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.05.30 21:00:59 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.05.30 21:00:59 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.05.30 21:00:59 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Files - Unicode (All) ==========
[2010.09.18 20:17:05 | 000,000,527 | ---- | M] ()(C:\Documents and Settings\yuko\Desktop\???.lnk) -- C:\Documents and Settings\yuko\Desktop\日本語.lnk
[2010.09.18 20:17:05 | 000,000,527 | ---- | C] ()(C:\Documents and Settings\yuko\Desktop\???.lnk) -- C:\Documents and Settings\yuko\Desktop\日本語.lnk
[2009.10.25 21:26:26 | 000,000,683 | ---- | M] ()(C:\Documents and Settings\yuko\Desktop\3·4?.lnk) -- C:\Documents and Settings\yuko\Desktop\3・4級.lnk
[2009.10.25 21:26:26 | 000,000,683 | ---- | C] ()(C:\Documents and Settings\yuko\Desktop\3·4?.lnk) -- C:\Documents and Settings\yuko\Desktop\3・4級.lnk
[2008.07.02 19:51:12 | 000,000,903 | ---- | M] ()(C:\Documents and Settings\yuko\Desktop\Shortcut to ????? ???? Tamasaburo Wisteria Maiden part 2.flv.lnk) -- C:\Documents and Settings\yuko\Desktop\Shortcut to 坂東玉三郎 「藤娘」 Tamasaburo Wisteria Maiden part 2.flv.lnk
[2008.07.02 19:51:12 | 000,000,903 | ---- | M] ()(C:\Documents and Settings\yuko\Desktop\Shortcut to ????? ???? Tamasaburo Wisteria Maiden part 1.flv.lnk) -- C:\Documents and Settings\yuko\Desktop\Shortcut to 坂東玉三郎 「藤娘」 Tamasaburo Wisteria Maiden part 1.flv.lnk
[2008.07.02 19:51:12 | 000,000,903 | ---- | C] ()(C:\Documents and Settings\yuko\Desktop\Shortcut to ????? ???? Tamasaburo Wisteria Maiden part 2.flv.lnk) -- C:\Documents and Settings\yuko\Desktop\Shortcut to 坂東玉三郎 「藤娘」 Tamasaburo Wisteria Maiden part 2.flv.lnk
[2008.07.02 19:51:12 | 000,000,903 | ---- | C] ()(C:\Documents and Settings\yuko\Desktop\Shortcut to ????? ???? Tamasaburo Wisteria Maiden part 1.flv.lnk) -- C:\Documents and Settings\yuko\Desktop\Shortcut to 坂東玉三郎 「藤娘」 Tamasaburo Wisteria Maiden part 1.flv.lnk

< End of report >

OTL Logfile:

OTL Extras logfile created on: 12.05.2011 18:46:47 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Documents and Settings\yuko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 66,43 Gb Free Space | 22,29% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-8F2DTUGM | User Name: yuko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.txt [@ = PFE32] -- C:\Program Files\Pfe\PFE32.EXE ()
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Setup\HPZnet01.exe" = D:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
"C:\WINDOWS\system32\lmabcoms.exe" = C:\WINDOWS\system32\lmabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP Server -- ( )
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8B63F6AD-3DBF-4585-A5FC-CB73CE793D53}" = ActivePerl 5.8.0 Build 805
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{901E0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP German User Interface Pack
"{901E0411-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Japanese User Interface Pack
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{c5ae39ac-ff79-47e1-b69c-c05ac7de9cf2}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EAF092E3-6B95-41E8-B468-94B85DAD8603}" = eDocPrinter PDF Pro Ver 6.24
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"098E72BE084523AD9FE1828606AD199163AA1997" = Windows Driver Package - Marvell (yukonwxp) Net  (05/03/2007 10.14.6.3)
"474492506B458A0013C8197612FA45B887DF7B06" = Windows Driver Package - Sony Corporation (SPI) HIDCLASS  (08/20/2002 7.0.3.820)
"52FF2F1604EFE31A0D22A65BEC8F88375DBADADD" = Windows Driver Package - Texas Instruments Inc (ti21sony) MTD  (04/23/2007 2.0.0.18)
"6228B4FE0926AA3D873E8209B97FB99D06CC1DD8" = Windows Driver Package - Sony Corporation (SNC) HIDClass  (06/04/2002 6.0.0.2)
"8345F5933B4883C4FCF9A5A3E64747174EE3102D" = Windows Driver Package - NVIDIA (nv) Display  (11/21/2007 6.14.11.6747)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B50F9D9AA12CD48F59EFB5611B928A2E3C8648F8" = Windows Driver Package - CXT (winachsf) Modem  (07/11/2006 7.50.00.00)
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = Soft Data Fax Modem with SmartCP
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"D1E4309621EB769C9C3578D2C54FB1B2553E9AB8" = Windows Driver Package - Alps (ApfiltrService) Mouse  (05/25/2007 5.3.512.7)
"E8EC15B2535809BEB8EC52A446F8167635CDF509" = Windows Driver Package - CXT (winachsf) Modem  (07/11/2006 7.50.00.00)
"FLV Player" = FLV Player 2.0, build 24
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InterActual Player" = InterActual Player
"Lexmark_HostCD" = Lexmark Software Uninstall
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Memory Stick Icon1.0" = Memory Stick Icon
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.10.2010 14:37:07 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
 0.0.0.0, fault address 0x00000000.
 
Error - 23.10.2010 02:53:48 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x07610068.
 
Error - 01.11.2010 06:40:18 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000
Description = Faulting application SR_Service.exe, version 63.0.10.52, faulting
module DataStruct.dll, version 63.0.0.2, fault address 0x00005fea.
 
Error - 15.12.2010 16:57:35 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000
Description = Faulting application SR_Service.exe, version 63.0.10.52, faulting
module LogonISReg.dll, version 63.0.0.10, fault address 0x00007ef1.
 
Error - 15.12.2010 16:58:07 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000
Description = Faulting application sr_gui.exe, version 63.0.10.52, faulting module
 datastruct.dll, version 63.0.0.2, fault address 0x0000543c.
 
Error - 15.12.2010 17:00:35 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 15.12.2010 17:22:56 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 18.12.2010 07:59:48 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x08680068.
 
Error - 21.12.2010 14:46:24 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x0b0d0068.
 
Error - 29.01.2011 10:39:46 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x0caf0068.
 
[ System Events ]
Error - 12.05.2011 02:39:11 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 37170 seconds ago, assumi-->
 
Error - 12.05.2011 02:39:11 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1
Description = FW1: -->ng clock change.
 
Error - 12.05.2011 03:30:46 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 2354 seconds ago, assumin-->
 
Error - 12.05.2011 03:30:46 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1
Description = FW1: -->g clock change.
 
Error - 12.05.2011 08:06:33 | Computer Name = PRIVAT-8F2DTUGM | Source = Service Control Manager | ID = 7034
Description = The Check Point VPN-1 Securemote service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 12.05.2011 09:53:29 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 2192 seconds ago, assumin-->
 
Error - 12.05.2011 09:53:29 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1
Description = FW1: -->g clock change.
 
Error - 12.05.2011 12:36:58 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 8550 seconds ago, assumin-->
 
Error - 12.05.2011 12:36:58 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1
Description = FW1: -->g clock change.
 
Error - 12.05.2011 12:39:36 | Computer Name = PRIVAT-8F2DTUGM | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{98C04219-2589-4D2B-B500-29CEBB33EB98}.  The
 backup browser is stopping.
 
 
< End of report >

--- --- ---
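The "Last 10 Event Log Errors" section of the OTL report above can be triaged programmatically rather than read entry by entry. The Python below is an added example, not part of this thread or of OTL: it parses that layout (one `Error - ...` header per event, a `Description =` line that OTL wraps onto following lines, and the `-->` marker OTL uses when one description is split across two entries, as with the FW1 messages above), rejoins the split entries, and counts which applications are faulting or hanging. The sample lines are constructed from the report above.

```python
import re
from collections import Counter

# Constructed sample in the layout OTL uses for "Last 10 Event Log Errors":
# section headers in brackets, one header line per event, a "Description ="
# line that may wrap, and a "-->" marker where OTL split one description
# across two entries.
SAMPLE = """\
[ Application Events ]
Error - 23.10.2010 02:53:48 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x07610068.

Error - 15.12.2010 17:00:35 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12.05.2011 02:39:11 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 37170 seconds ago, assumi-->

Error - 12.05.2011 02:39:11 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1
Description = FW1: -->ng clock change.

Error - 12.05.2011 08:06:33 | Computer Name = PRIVAT-8F2DTUGM | Source = Service Control Manager | ID = 7034
Description = The Check Point VPN-1 Securemote service service terminated unexpectedly.
  It has done this 1 time(s).
"""

HEADER = re.compile(
    r"^Error - (?P<time>\S+ \S+) \| Computer Name = (?P<host>[^|]+?) \| "
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
APP_RE = re.compile(r"(?:Faulting|Hanging) application (\S*),")


def parse_events(text):
    """Split the OTL event section into dicts; wrapped description lines are rejoined."""
    events, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section, cur = line[1:-1].strip(), None
            continue
        m = HEADER.match(line)
        if m:
            cur = {"section": section, "time": m["time"], "host": m["host"],
                   "source": m["source"], "id": int(m["id"]), "description": ""}
            events.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        # Any other non-empty line belongs to the current description (OTL wrap).
        cur["description"] = (cur["description"] + " " + line).strip()
    return events


def merge_split_events(events):
    """Join an entry ending in '-->' with its continuation entry (same source/id/time)."""
    merged, i = [], 0
    while i < len(events):
        ev = events[i]
        if ev["description"].endswith("-->") and i + 1 < len(events):
            nxt = events[i + 1]
            same = (nxt["source"] == ev["source"] and nxt["id"] == ev["id"]
                    and nxt["time"] == ev["time"] and "-->" in nxt["description"])
            if same:
                tail = nxt["description"].split("-->", 1)[1]
                merged.append(dict(ev, description=ev["description"][:-3] + tail))
                i += 2
                continue
        merged.append(ev)
        i += 1
    return merged


def summarize(events):
    """Count events per (section, source, event id)."""
    return Counter((e["section"], e["source"], e["id"]) for e in events)


def crashing_apps(events):
    """Count the applications named in crash/hang events (entries with no name are skipped)."""
    names = Counter()
    for e in events:
        m = APP_RE.search(e["description"])
        if m and m.group(1):
            names[m.group(1)] += 1
    return names


if __name__ == "__main__":
    evs = merge_split_events(parse_events(SAMPLE))
    for e in evs:
        print(e["time"], e["source"], e["id"], e["description"])
    print(summarize(evs))
    print(crashing_apps(evs))
```

The application count is the useful output for triage: the real report above lists several iexplore.exe faults in an "unknown" module, and a repeated crash signature like that stands out immediately once the entries are counted instead of read one by one.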

markusg 12.05.2011 18:45

"How are updates going with Secunia and FileHippo?!"
Have you installed both programs? Actually you only need to follow the links, or you can have some of it installed automatically.
UAC doesn't exist on XP, it's only in Vista and Win7.
DEP: please read the link, and ask if you have questions.
SEHOP is only for Vista / Windows 7.
Backup with the program named in the guide.
This one is clean as well, please apply all the tips.
Here's the link again
http://www.trojaner-board.de/96344-a...-rechners.html
The tips for XP are what you need, except for the limited account.

zn8b3opd6v 12.05.2011 19:08

Thanks! Then I'll have something useful to do at the weekend. It's supposed to rain anyway. :-(
The sandbox is really interesting...

markusg 12.05.2011 19:31

Yes it is. And it works more reliably than an antivirus program, since nothing I currently know of can break out of it.

zn8b3opd6v 13.05.2011 20:33

Hi Markus, I'm in the middle of applying the XP things. I'm having problems with the Secunia part. It keeps crashing. Apparently DEP. And I already have DEP on only for Windows programs and services. Disabling it just for psi.exe didn't help either. Do you have a tip? Thanks and regards, zn

markusg 13.05.2011 20:36

Is there a message from DEP? Actually nothing should happen there.

zn8b3opd6v 13.05.2011 21:00

Now I've switched DEP off via boot.ini execute and it works. But now DEP is completely off...

Before, with noexecute or noexecute=OptIn and psi.exe excluded, sometimes there was no message (the window just closed) or the typical DEP message with a link to the help etc. appeared. The scan had completed though, with 94%! Not bad at all. But when I then clicked into the window, it was over.

I'll have to experiment a bit. But it eats up so much time... :(

zn8b3opd6v 13.05.2011 21:52

So, here it is again systematically: before I changed boot.ini and installed PSI, boot.ini had /NoExecute=OptIn. Never had a problem with it. Didn't know anything about DEP at all.
After installing PSI:
/NoExecute=OptIn -> window closes without an error message
/noexecute C:\Program Files\Secunia\PSI\psi.exe DisableNXShowUI -> window closes without an error message
/NoExecute=OptOut C:\Program Files\Secunia\PSI\psi.exe DisableNXShowUI -> window closes without an error message
/NoExecute=OptOut C:\Program Files\Secunia\PSI\psi.exe EnableNXShowUI -> typical DEP error message
/execute -> PSI runs okay
Now I'm out of ideas. Because of PSI I have to switch DEP off. Does that make sense?
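
The combinations listed in the post above can be worked through against Windows XP's documented DEP policy rules: OptIn covers only Windows binaries and programs that opt in, OptOut covers every process except those on the exception list, and AlwaysOn/AlwaysOff ignore the list; per-program entries are the "DisableNXShowUI" / "EnableNXShowUI" compatibility layers the post names. The Python below is an added example, not from this thread or from Microsoft: it reads the policy from a boot.ini text, looks up a program's layer entry, and reports whether DEP is enforced for it. The boot.ini contents and the layer table are constructed, and treating a bare /noexecute without a level as OptIn is an assumption.

```python
# Constructed boot.ini in the layout Windows XP uses. The /noexecute (or
# /execute) switch on the [operating systems] entry sets the system-wide
# DEP policy: OptIn, OptOut, AlwaysOn or AlwaysOff.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /noexecute=OptOut /fastdetect
"""

# Constructed stand-in for the per-program compatibility-layer entries that the
# DEP exception list writes (program path -> layer string). Only the tokens
# named in the thread are interpreted here.
SAMPLE_LAYERS = {
    r"C:\Program Files\Secunia\PSI\psi.exe": "DisableNXShowUI",
}

LEVELS = {"optin": "OptIn", "optout": "OptOut",
          "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}


def policy_from_os_line(line):
    """DEP policy level selected by the switches on one [operating systems] line."""
    for tok in line.split():
        t = tok.lower()
        if t == "/execute":
            return "AlwaysOff"       # /execute switches DEP off; treated as AlwaysOff here
        if t.startswith("/noexecute"):
            level = t.partition("=")[2]
            # Bare /noexecute without a level is treated as OptIn (assumption).
            return LEVELS.get(level, "OptIn")
    return "OptIn"                   # XP's default when no switch is present


def boot_ini_dep_policy(text):
    """Policy from the first entry under [operating systems] in a boot.ini."""
    in_os = False
    for raw in text.splitlines():
        s = raw.strip()
        if s.startswith("["):
            in_os = s.lower() == "[operating systems]"
            continue
        if in_os and "=" in s:
            return policy_from_os_line(s)
    return "OptIn"


def layer_tokens(layers, exe_path):
    """Compatibility-layer tokens recorded for exe_path (paths compared case-insensitively)."""
    for path, value in layers.items():
        if path.lower() == exe_path.lower():
            return set(value.split())
    return set()


def dep_applies(policy, tokens, system_binary=False):
    """Whether DEP is enforced for a process under the given policy and layer tokens."""
    if policy == "AlwaysOn":
        return True
    if policy == "AlwaysOff":
        return False
    if policy == "OptIn":
        # Only Windows binaries and programs that opted in are covered.
        return system_binary or "EnableNXShowUI" in tokens
    # OptOut: everything is covered except programs on the exception list.
    return "DisableNXShowUI" not in tokens


def dep_for(boot_ini_text, layers, exe_path, system_binary=False):
    """(policy, enforced?) for one program given a boot.ini text and the layer table."""
    policy = boot_ini_dep_policy(boot_ini_text)
    return policy, dep_applies(policy, layer_tokens(layers, exe_path), system_binary)


if __name__ == "__main__":
    psi = r"C:\Program Files\Secunia\PSI\psi.exe"
    print(dep_for(SAMPLE_BOOT_INI, SAMPLE_LAYERS, psi))
    for switches, tokens in [("/noexecute=OptIn", set()),
                             ("/noexecute", {"DisableNXShowUI"}),
                             ("/noexecute=OptOut", {"DisableNXShowUI"}),
                             ("/noexecute=OptOut", {"EnableNXShowUI"}),
                             ("/execute", set())]:
        print(switches, sorted(tokens), "->", dep_applies(policy_from_os_line(switches), tokens))
```

Run on the five rows from the post, only the OptOut + EnableNXShowUI row is one in which DEP is enforced for psi.exe; in the other four the policy or the exception entry leaves the process uncovered. Keeping the audit in this form (policy from boot.ini, exceptions from the layer table) is also a quick way to verify, on a machine being hardened, that DEP really is on for every process after the exception list has been cleaned up.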

markusg 14.05.2011 10:30

Are you getting along with FileHippo?
Then I would uninstall Secunia, switch DEP on for all processes and only use FileHippo.

zn8b3opd6v 14.05.2011 11:38

Yes, Hippo is okay. But apparently not as comprehensive as Secunia. What do you think of this: normally DEP on and Hippo. Once a month briefly DEP off and Secunia?

I haven't dared to touch the services yet. I had a lot of "fun" with that once before. I think I'll leave it. Although I know how important it is. But it can mean a lot of trouble. Thanks. Regards, zn

markusg 14.05.2011 12:33

Yes, that's okay I think :-)
It's actually strange that DEP acts up there; you're only the second user I've had this with, but I didn't find a satisfactory solution with the first one either.
But Hippo will supply you with most updates, so that's fine I think.
And if you stick to the rest, it's fine anyway :-)
Do Secunia and the rest work on all the other PCs we've run through here? :-)

zn8b3opd6v 16.05.2011 13:52

So, that took a while. On the other PCs it worked without problems. Next I'd like to take a look at the sandbox... Thanks so far... zn

markusg 16.05.2011 14:06

It's actually not a terribly difficult thing: install, configure for your browser as described, click on Sandboxed Web Browser instead of the browser icon and off you go.
Close it simply as usual via the open browser window.
The only difference:
for downloads you make, you have to confirm afterwards that they may be saved outside the sandbox.


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board
