Black_Jack | 29.08.2012 20:45 | Okay, so here is the result of the Malwarebytes scan BEFORE the update:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.03.05
Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
z254328 :: PC03975 [Administrator]
Schutz: Deaktiviert
29.08.2012 18:43:48
mbam-log-2012-08-29 (19-34-18).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 380489
Laufzeit: 41 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
D:\Users\z254328\AppData\Local\Temp\ICReinstall\PDFConverterSetup.exe (Adware.Agent) -> Keine Aktion durchgeführt.
D:\Users\z254328.ORG\Downloads\SoftonicDownloader_fuer_mws-reader.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
(Ende)
and here AFTER the update:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.29.08
Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
z254328 :: PC03975 [Administrator]
Schutz: Deaktiviert
29.08.2012 20:30:57
mbam-log-2012-08-29 (20-30-57).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245280
Laufzeit: 4 Minute(n), 3 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
D:\Users\z254328.ORG\AppData\Local\Temp\roper0dun.exe (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\z254328.ORG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
OTL results will follow in a few minutes...
OTL EXTRAS.LOG:
OTL Extras logfile created on: 29.08.2012 21:06:00 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = D:\Users\***.ORG\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,92 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 70,07% Memory free
5,84 Gb Paging File | 5,05 Gb Available in Paging File | 86,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 89,99 Gb Free Space | 77,29% Space Free | Partition Type: NTFS
Drive D: | 116,44 Gb Total Space | 82,35 Gb Free Space | 70,72% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA87D5-EC98-4FF3-98CD-99342D7680F3}" = lport=3389 | protocol=6 | dir=in | app=system |
"{0907FEDE-233C-4EEC-B6FD-12208CA1A80A}" = lport=445 | protocol=6 | dir=in | app=system |
"{0DAAE9A9-6863-4B72-AEB2-D547574DB840}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{100AFFDE-592D-4955-8389-7B7DE5175C72}" = rport=139 | protocol=6 | dir=out | app=system |
"{35CDB5A3-D731-4814-ACE9-F9186C58DD02}" = lport=137 | protocol=17 | dir=in | app=system |
"{3CFD6B7A-AEBB-495E-B54B-DD8E57E2C1C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4D68426C-F76E-4F04-8E0D-8E24BEA00BF1}" = lport=138 | protocol=17 | dir=in | app=system |
"{5C03141A-4180-4E87-BB04-EE075B0AF09A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6CE74B09-C89B-4A56-8662-A9718C6C0102}" = rport=137 | protocol=17 | dir=out | app=system |
"{6F21B04C-A88E-47A3-B3EF-1080F14FAD15}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6F72B594-582F-41EB-970A-D96ECABAD478}" = lport=139 | protocol=6 | dir=in | app=system |
"{73CB4F77-9DA0-45AD-85C7-A277EC9A5751}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8704D0F8-0A03-44DA-86EF-9F533409D54E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{B5041BE0-F6D6-4769-89F2-DB2DA16AE038}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BB6CDAE4-06C5-4708-AFE8-4B399861A74E}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD2D064B-3E4C-4D8F-8613-14AD4D2A4D24}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E0C1A655-251D-4657-A77D-F8E064595AF0}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE781C02-686E-4A81-B3AB-DE352C9BB73B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F94B4D55-E2BC-4955-95F6-774157263CE9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16308F9A-705D-483B-B1A8-0020C75C93F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1C2973CC-00F2-49F2-917C-93583F1E9D2A}" = dir=in | app=d:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{26FC855D-2632-4509-9658-6F14D94CBE70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2F23A530-E973-4742-8734-E36110615AB1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{318F4240-C981-43C7-B6DF-B86FACEB8920}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{36EFA6ED-3D3E-49F9-8A45-B516F4812AEB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4AC25CF0-E4A7-45CF-B0FA-2EC06A938F4E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4E1732F2-76F8-430D-B23A-4B421AE55A2C}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{5C3461F6-8E75-4911-A303-54AB88AE3B62}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5E79AA3C-BB2D-4015-8A42-80394760257E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5EDEFD97-E262-4C29-A23C-96FC07295AB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{62AD283B-649A-497B-8DFF-581BDF703073}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{6A16E57A-8809-4B29-8EE3-1533E7D4DC86}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{6DE2997D-8744-4BF8-B1AB-FA2E484CA242}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7E9B9F1B-B89D-4F90-AC74-279783626399}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{7EAEBDF2-D2F8-453F-9B1C-A26FE4CB0CC7}" = protocol=17 | dir=in | app=d:\privat\limewire\limewire.exe |
"{93D48BA0-E2AC-4284-A8D2-6014D6D7AA2D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9A6B7C30-191E-4F54-BCF9-9F33148F284C}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{9EE579FE-EB48-4056-97F4-07ADB67E0E57}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B282AB1E-FF39-4D8C-825A-2B33C151F00A}" = protocol=6 | dir=in | app=d:\users\***\downloads\pdfconvertersetup.exe |
"{B95FD4C0-8F14-4308-B029-6C645AF62465}" = protocol=17 | dir=in | app=d:\users\***\downloads\pdfconvertersetup.exe |
"{C5989488-0E58-4708-83CF-49FD81FCB539}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D9C77E04-6271-4D52-B161-87224A9D05B9}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{ED9548B0-49FD-46DD-9580-DB8C330DD748}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{F47DD07C-1DCB-440E-ADAF-1580EDD2038A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FB7616A7-DF0F-47FA-A88D-BCFEA6499540}" = protocol=6 | dir=in | app=d:\privat\limewire\limewire.exe |
"TCP Query User{2C4D6D06-DDF2-4F0B-BC65-6C560C45EAF0}C:\program files\microsoft office\office14\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"UDP Query User{CB7B2198-2733-44C2-A774-05D67BC227DA}C:\program files\microsoft office\office14\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64CA87-D4EF-4D2D-A487-75135523829C}" = ***-Fonts 07.2007
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{0F97EBF6-1A51-4A15-ABFA-6240588EE9E3}" = HP Connection Manager
"{112F06D3-C560-4FB1-B384-223D2D00CF5E}" = Ixult-OESAP-ActiveX - 1.0.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38C05CFF-71BF-461D-8C5B-D984953EA5D0}" = Qualcomm Gobi 2000 Package for HP
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CB1AAC7-7B0B-43FC-89AE-2CA95943D371}" = Open Text WebDAV ActiveX Control 10.0.0
"{400C89A5-E5D1-4871-B736-543DD6D40EF6}" = RSClientPrint 2005.090.3282.00
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E2CC871-A5B5-4941-915B-140DCA283780}" = Authorware Web-player 2004.0.0.73
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61D877FD-96E7-4F1C-9E87-F604CD8112C4}" = ***-Office-Vorlagen-IKT - 01.06.2010
"{65163053-5E46-43B7-8EBC-12D22672EB58}" = SCCM Win7-32 Desktoplink
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7998335A-6580-6E10-1276-51A82B9F6A46}" = Zoosk Messenger
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{82420C36-8F2A-4C0F-B7FD-0F68ADD4FD90}" =
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0052-0407-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
"{98AA657D-9790-4454-9DB2-E8ED0EF8C571}" = Configuration Manager Client
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F4D7FB5-B7FB-4366-B20C-D81485799AEE}" = Adobe SVG Viewer 3.0.3
"{9F89C560-E097-437B-83F0-045D2482ADD3}" = PcInfo 4.0.3
"{A321EE50-9DDA-48BA-BC36-E63F46E696EF}" = JInitiator 1.3.1.22
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B94C2641-ACD1-43D7-86FC-7E677E9D13BD}" = Tools+Icons
"{C0B165DC-F037-483F-B1C9-D89D91529CEB}" = Citrix XenApp Web Plugin
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4958B28-41F1-4180-B2E4-05EBF25DF2B5}" = IpChange 4.0.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF2A735-3324-4D97-ADAD-4FF865CC05EB}_is1" = Final Uninstaller
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"ClearSkinFX for Digital Cameras_is1" = ClearSkinFX for Digital Cameras
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"DWG TrueView 2011" = DWG TrueView 2011
"East-Tec Eraser 2012_is1" = East-Tec Eraser 2012 Version 10.0
"fakewebcam7.1.0_is1" = Fake Webcam 7.1
"FoxTab PDF Converter" = FoxTab PDF Converter
"Free Hide Folder" = Free Hide Folder
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"LimeWire" = LimeWire 5.6.2
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MP3 Cutter_is1" = MP3 Cutter 1.1.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shareaza_is1" = Shareaza 2.5.5.0
"StealthNet_is1" = StealthNet 0.8.7.9
"tele.ring Verbindungsmanager" = tele.ring Verbindungsmanager
"Update Service" = Sony Ericsson Update Service
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.08.2012 05:00:15 | Computer Name = ***.org.***.at | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17006,
Zeitstempel: 0x4f90d722 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006c001c ID des fehlerhaften
Prozesses: 0x28b8 Startzeit der fehlerhaften Anwendung: 0x01cd7eb22fb624ce Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 74c8da84-eaa5-11e1-86f6-68b599f4ccd3
Error - 20.08.2012 05:00:28 | Computer Name = ***.org.***.at | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17006,
Zeitstempel: 0x4f90d722 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006e001c ID des fehlerhaften
Prozesses: 0x1560 Startzeit der fehlerhaften Anwendung: 0x01cd7eb2395e8e80 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 7c78ca1e-eaa5-11e1-86f6-68b599f4ccd3
Error - 20.08.2012 10:31:07 | Computer Name = ***.org.***.at | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SMManager.exe, Version: 3.3.2.42,
Zeitstempel: 0x4c941b8b Name des fehlerhaften Moduls: SMWAN.dll, Version: 4.8.12.2405,
Zeitstempel: 0x4c941b08 Ausnahmecode: 0x40000015 Fehleroffset: 0x001bff2d ID des fehlerhaften
Prozesses: 0x9bc Startzeit der fehlerhaften Anwendung: 0x01cd7b896c41054c Pfad der
fehlerhaften Anwendung: C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\Hewlett-Packard\HP Connection Manager\SMWAN.dll
Berichtskennung:
ad1e3d1e-ead3-11e1-86f6-68b599f4ccd3
Error - 22.08.2012 09:00:16 | Computer Name = ***.org.***.at | Source = EventSystem | ID = 4621
Description =
Error - 22.08.2012 14:46:07 | Computer Name = ***.org.***.at | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.17006,
Zeitstempel: 0x4f90d722 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006a001c ID des fehlerhaften
Prozesses: 0x3760 Startzeit der fehlerhaften Anwendung: 0x01cd8095d144e17d Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: a1c58a0b-ec89-11e1-86f6-68b599f4ccd3
Error - 24.08.2012 13:26:41 | Computer Name = ***.org.***.at | Source = EventSystem | ID = 4621
Description =
Error - 24.08.2012 17:16:10 | Computer Name = ***.org.***.at | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
pc companion\Drivers\DPInst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 27.08.2012 00:54:00 | Computer Name = ***.org.***.at | Source = SmsClient | ID = 11800
Description = Failed to download baseline CI Id ScopeId_0F615795-E61F-4490-9C4A-D57C0BB7C3F7/Baseline_92618e91-51df-4628-8bae-13643f061e3e,
version 1.0
Error - 28.08.2012 05:16:03 | Computer Name = ***.org.***.at | Source = SmsClient | ID = 11800
Description = Failed to download baseline CI Id ScopeId_0F615795-E61F-4490-9C4A-D57C0BB7C3F7/Baseline_92618e91-51df-4628-8bae-13643f061e3e,
version 1.0
Error - 29.08.2012 11:48:16 | Computer Name = ***.org.***.at | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
nicht initialisiert werden. Details: Could not query the status of the EventSystem
service. System Error: Der Computer wird heruntergefahren. .
[ HP Wireless Assistant Events ]
Error - 02.10.2011 23:52:15 | Computer Name = ***.bau.***.at | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 04.10.2011 08:17:34 | Computer Name = ***.bau.***.at | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 06.10.2011 11:07:35 | Computer Name = ***.bau.***.at | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 07.10.2011 00:15:49 | Computer Name = ***.bau.***.at | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 11.01.2012 03:52:38 | Computer Name = ***.bau.***.at | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 24.01.2012 17:10:57 | Computer Name = ***.bau.***.at | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 05.02.2012 00:48:34 | Computer Name = ***.bau.***.at | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 25.03.2012 10:14:29 | Computer Name = ***.bau.***.at | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()
bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 30.04.2012 06:25:55 | Computer Name = ***.bau.***.at | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
bei HardwareAccess.Hardware.Instance() bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme
powerScheme)
Error - 06.06.2012 01:04:57 | Computer Name = ***.org.***.at | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unerwarteter Fehler bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
[ System Events ]
Error - 29.08.2012 14:48:18 | Computer Name = ***.org.***.at | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.08.2012 14:48:18 | Computer Name = ***.org.***.at | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.08.2012 14:48:59 | Computer Name = ***.org.***.at | Source = DCOM | ID = 10005
Description =
Error - 29.08.2012 14:49:06 | Computer Name = ***.org.***.at | Source = DCOM | ID = 10005
Description =
Error - 29.08.2012 14:49:10 | Computer Name = ***.org.***.at | Source = DCOM | ID = 10005
Description =
Error - 29.08.2012 14:49:10 | Computer Name = ***.org.***.at | Source = DCOM | ID = 10005
Description =
Error - 29.08.2012 14:49:38 | Computer Name = ***.org.***.at | Source = DCOM | ID = 10005
Description =
Error - 29.08.2012 14:55:53 | Computer Name = ***.org.***.at | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.08.2012 14:56:56 | Computer Name = ***.org.***.at | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 29.08.2012 15:06:19 | Computer Name = ***.org.***.at | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >

OTL Logfile:
OTL logfile created on: 29.08.2012 21:06:00 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = D:\Users\***.ORG\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,92 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 70,07% Memory free
5,84 Gb Paging File | 5,05 Gb Available in Paging File | 86,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 89,99 Gb Free Space | 77,29% Space Free | Partition Type: NTFS
Drive D: | 116,44 Gb Total Space | 82,35 Gb Free Space | 70,72% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\Users\***.ORG\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre7\bin\java.exe (Oracle Corporation)
PRC - C:\Programme\Java\jre7\bin\jp2launcher.exe (Oracle Corporation)
PRC - D:\privat\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Java\jre7\bin\jp2native.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- D:\privat\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (FlagfoxUpdater) -- D:\Users\***\AppData\LocalLow\Flagfox\IE\FlagfoxUpdater.exe ()
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SMManager) -- C:\Programme\Hewlett-Packard\HP Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (QDLService2kHP) -- C:\Programme\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CcmExec) -- C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120125.033\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120125.033\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\Windows\System32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\Windows\System32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\Windows\System32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (qcusbnethp2k) -- C:\Windows\System32\drivers\qcusbnethp2k.sys (QUALCOMM Incorporated)
DRV - (qcusbserhp2k) -- C:\Windows\System32\drivers\qcusbserhp2k.sys (QUALCOMM Incorporated)
DRV - (qcfilterhp2k) -- C:\Windows\System32\drivers\qcfilterhp2k.sys (QUALCOMM Incorporated)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (prepdrvr) -- C:\Windows\System32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (rismc32) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (netvsc) -- C:\Windows\System32\drivers\netvsc60.sys (Microsoft Corporation)
DRV - (SynthVid) -- C:\Windows\System32\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://portal.***.at/IKT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal.***.at/IKT
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.***.at;10.*.*.*;*.eisenbahner.at;*.vaeb.at;*.sozialversicherung.at;epk.sozvers.at*;*.ava-online.at;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.***.at:8080
========== FireFox ==========
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.23 09:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: D:\Programme\Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: D:\Programme\Thunderbird\plugins
[2012.05.16 11:13:13 | 000,000,000 | ---D | M] (No name found) -- D:\Users\***.ORG\AppData\Roaming\mozilla\Extensions
[2012.05.16 11:13:13 | 000,000,000 | ---D | M] (No name found) -- D:\Users\***.ORG\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.08.16 10:25:31 | 000,000,000 | ---D | M] (No name found) -- D:\Users\***.ORG\AppData\Roaming\mozilla\Firefox\Profiles\6p08zpuq.default\extensions
[2012.07.02 11:13:24 | 000,000,000 | ---D | M] (Garmin Communicator) -- D:\Users\***.ORG\AppData\Roaming\mozilla\Firefox\Profiles\6p08zpuq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.08.11 11:12:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Users\***.ORG\AppData\Roaming\mozilla\Firefox\Profiles\6p08zpuq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.06.19 12:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.19 12:03:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.05 08:52:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.06.19 12:03:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.01 09:49:20 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.31 12:33:33 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage:
CHR - homepage:
CHR - Extension: No name found = D:\Users\***.ORG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - D:\privat\Shareaza\Shareaza\RazaWebHook32.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Flagfox) - {A02B5E09-122E-4A2D-B996-D997485B8C9E} - D:\Users\***\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\tele.ring Verbindungsmanager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Connection Manager.exe] C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe (Smith Micro Software, Inc)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] D:\privat\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: D:\Users\***.ORG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = D:\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RecycleBinSize = 5
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: agonto.com ([*.***] * in Vertrauenswürdige Sites)
O15 - HKLM\..Trusted Domains: ***.at ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: agonto.com ([*.***] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: ***.at ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} hxxp://10.70.53.246/activex/AMC.cab (AudioHandlerEmbedded)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.22)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://10.50.33.230/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = org.***.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{386FC51D-EAD8-4FEC-AC47-AB155973AF7B}: Domain = bau.***.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{386FC51D-EAD8-4FEC-AC47-AB155973AF7B}: NameServer = 213.162.69.169 213.162.69.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5970DEC6-65A3-4F9E-A8FD-9B7B69DFFD12}: Domain = bau.***.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5970DEC6-65A3-4F9E-A8FD-9B7B69DFFD12}: NameServer = 10.16.1.250,10.64.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B497ED-54DC-4091-A470-E0E0BC70013B}: NameServer = 213.162.69.170 213.162.65.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9FDF5EA-1C41-41EA-85DF-71178347ACF5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.29 19:01:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.08.29 18:43:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.29 18:23:31 | 000,598,528 | ---- | C] (OldTimer Tools) -- D:\Users\***.ORG\Desktop\OTL.exe
[2012.08.29 18:14:42 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Roaming\Malwarebytes
[2012.08.29 18:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.29 18:14:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 18:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.29 17:52:21 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{66DD1C55-2EB4-4CFD-81B0-AC3C5F1C10FA}
[2012.08.23 12:26:36 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.08.23 12:26:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.08.23 12:26:25 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.08.23 08:14:01 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{AC26B327-4BD2-4B48-82D1-D573FF57AE77}
[2012.08.17 12:02:54 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\Desktop\Dokumente
[2012.08.16 11:04:40 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\Desktop\Handy
[2012.08.16 10:45:19 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\VS Revo Group
[2012.08.16 10:42:19 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Roaming\CheeseSoft
[2012.08.16 10:34:33 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{57CAD063-E693-4951-985D-FB2D82410A3D}
[2012.08.16 10:20:27 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\PC_Drivers_Headquarters
[2012.08.16 10:15:35 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\Desktop\Fa. Wehrhan
[2012.08.09 10:13:32 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{3B16A609-888E-40EB-A902-0F02C26B1654}
[2012.08.09 10:13:21 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{263CD2CD-64A0-40DC-A3B4-450450DF067C}
[2012.08.08 23:47:42 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{B682B470-F482-438D-8B5D-6ADD735EE563}
[2012.08.08 23:46:34 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{F76D0CDB-E19D-4A02-9682-AA339E3E469F}
[2012.08.08 23:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012.08.08 23:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012.08.08 23:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012.08.06 14:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.08.06 14:04:34 | 000,000,000 | ---D | C] -- C:\Windows\Lhsp
[2012.08.06 14:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\MWS Reader 4
[2012.08.06 08:40:36 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\Sony
[2012.08.05 12:45:55 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{6A5BB0A2-6999-438C-8150-CEC7647AF125}
[2012.08.05 12:45:44 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{B0C8498C-1B0F-48D6-8D56-6D0956E3E0D3}
[2012.08.04 10:56:03 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{DE2F9331-E6FC-47A1-B0DF-F5AF90F97162}
[2012.08.04 10:55:52 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{C8AFA6D3-B608-4C16-AFFE-CD722424EDD9}
[2012.08.03 08:41:13 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\Google
[2012.07.31 17:46:58 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{FA10CBBE-AAAE-4439-9314-371ED0E36252}
[2012.07.31 17:46:46 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{E9615300-CE25-41DD-879B-59863E3FC0FA}
[2012.07.31 14:20:40 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{CA69BC12-0479-46C0-9542-0F6F2E9818D1}
[2012.07.31 14:20:29 | 000,000,000 | ---D | C] -- D:\Users\***.ORG\AppData\Local\{BA82D32F-4243-4AF4-88B9-9FD3F563604D}
========== Files - Modified Within 30 Days ==========
[2012.08.29 20:57:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.29 20:53:44 | 000,702,200 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.29 20:53:44 | 000,656,626 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.29 20:53:44 | 000,149,732 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.29 20:53:44 | 000,122,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.29 20:48:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.29 20:47:55 | 2352,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.29 18:36:06 | 000,000,467 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012.08.29 18:24:20 | 000,598,528 | ---- | M] (OldTimer Tools) -- D:\Users\***.ORG\Desktop\OTL.exe
[2012.08.29 17:52:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.29 17:52:22 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.29 17:15:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.29 17:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.29 16:52:26 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-903667506-3135327160-3059381705-1582UA.job
[2012.08.29 16:52:26 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-903667506-3135327160-3059381705-1582Core.job
[2012.08.23 12:26:21 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.08.23 12:26:20 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.08.23 12:26:20 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.08.23 12:26:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.08.23 12:26:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.08.23 10:28:12 | 000,012,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 10:28:12 | 000,012,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 09:59:01 | 000,035,563 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.08.16 10:33:55 | 000,021,378 | RHS- | M] () -- D:\Users\***.ORG\ntuser.pol
[2012.08.15 14:00:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 14:00:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.08 23:42:17 | 000,510,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.05 02:06:13 | 000,222,208 | -H-- | M] () -- D:\Users\***.ORG\Documents\My Sexy video cam naked with my new boyfriend.avi.avi.exe
[2012.08.04 16:30:03 | 000,245,225 | -H-- | M] () -- D:\Users\***.ORG\Documents\Foto (3).JPG
[2012.08.04 16:26:57 | 000,222,403 | -H-- | M] () -- D:\Users\***.ORG\Documents\Foto (2).JPG
[2012.08.04 11:23:28 | 000,116,655 | -H-- | M] () -- D:\Users\***.ORG\Documents\IMG_1271.JPG
[2012.08.04 11:23:15 | 000,053,774 | -H-- | M] () -- D:\Users\***.ORG\Documents\IMG_1307.JPG
[2012.08.04 11:10:52 | 000,264,477 | -H-- | M] () -- D:\Users\***.ORG\Documents\Picture of me 2.png
[2012.08.04 11:08:08 | 000,078,620 | -H-- | M] () -- D:\Users\***.ORG\Documents\IMG_1073.JPG
[2012.08.03 11:18:09 | 000,291,966 | ---- | M] () -- D:\Users\***.ORG\Desktop\Hintergrundbild der Windows-Fotoanzeige.jpg
========== Files Created - No Company Name ==========
[2012.08.29 17:08:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.05 02:05:41 | 000,222,208 | -H-- | C] () -- D:\Users\***.ORG\Documents\My Sexy video cam naked with my new boyfriend.avi.avi.exe
[2012.08.04 16:30:00 | 000,245,225 | -H-- | C] () -- D:\Users\***.ORG\Documents\Foto (3).JPG
[2012.08.04 16:26:54 | 000,222,403 | -H-- | C] () -- D:\Users\***.ORG\Documents\Foto (2).JPG
[2012.08.04 11:23:17 | 000,116,655 | -H-- | C] () -- D:\Users\***.ORG\Documents\IMG_1271.JPG
[2012.08.04 11:23:04 | 000,053,774 | -H-- | C] () -- D:\Users\***.ORG\Documents\IMG_1307.JPG
[2012.08.04 11:10:26 | 000,264,477 | -H-- | C] () -- D:\Users\***.ORG\Documents\Picture of me 2.png
[2012.08.04 11:08:01 | 000,078,620 | -H-- | C] () -- D:\Users\***.ORG\Documents\IMG_1073.JPG
[2012.08.03 11:18:09 | 000,291,966 | ---- | C] () -- D:\Users\***.ORG\Desktop\Hintergrundbild der Windows-Fotoanzeige.jpg
[2012.06.15 08:58:24 | 1476,669,440 | ---- | C] () -- D:\Users\***.ORG\American Pie Das Klassentreffen XViD.avi
[2012.05.29 15:09:12 | 000,640,928 | ---- | C] () -- D:\Users\***.ORG\466613_437735199570397_100000017615656_1638432_719270023_o.jpg
[2012.05.16 09:41:50 | 000,023,116 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2012.05.16 09:35:45 | 000,021,378 | RHS- | C] () -- D:\Users\***.ORG\ntuser.pol
[2011.06.03 15:47:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.30 13:14:25 | 000,000,467 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2011.05.30 13:13:40 | 000,000,366 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2011.05.30 13:12:52 | 000,035,563 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.05.30 11:53:57 | 000,000,202 | ---- | C] () -- C:\Windows\System32\HPWA.ini
[2011.02.10 14:47:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.02.10 14:47:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.02.10 13:08:11 | 000,102,400 | ---- | C] () -- C:\Program Files\uninstgs.exe
[2011.02.10 12:26:50 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2011.02.10 11:20:25 | 000,253,952 | ---- | C] () -- C:\Windows\System32\PRNCON.exe
[2011.02.10 11:20:25 | 000,094,208 | ---- | C] () -- C:\Windows\System32\iver.exe
[2011.02.10 11:09:25 | 000,870,544 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011.02.10 11:09:25 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011.02.10 11:09:25 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011.02.10 11:09:24 | 000,127,896 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011.02.10 11:09:24 | 000,051,068 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011.02.10 11:09:24 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.10 11:09:23 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
========== LOP Check ==========
[2011.02.10 13:06:51 | 000,000,000 | ---D | M] -- D:\Users\***.ORG\AppData\Roaming\Autodesk
[2012.08.16 10:42:19 | 000,000,000 | ---D | M] -- D:\Users\***.ORG\AppData\Roaming\CheeseSoft
[2012.05.16 09:54:07 | 000,000,000 | ---D | M] -- D:\Users\***.ORG\AppData\Roaming\EAST Technologies
[2012.07.02 11:15:58 | 000,000,000 | ---D | M] -- D:\Users\***.ORG\AppData\Roaming\Garmin
[2012.08.23 08:14:00 | 000,000,000 | ---D | M] -- D:\Users\***.ORG\AppData\Roaming\LimeWire
[2012.08.29 16:52:26 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-903667506-3135327160-3059381705-1582Core.job
[2012.08.29 16:52:26 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-903667506-3135327160-3059381705-1582UA.job
[2012.05.17 20:04:45 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012.05.16 09:39:47 | 000,000,162 | -HS- | C] ()(D:\Users\***.ORG\Documents\~$????? ???? ???? ? ????? ???? ?????????.docx) -- D:\Users\***.ORG\Documents\~$ชจฺจา วสโล โหติ น ชจฺจา โหติ พฺราหฺมโณ.docx
[2011.07.11 11:14:10 | 000,000,162 | -HS- | M] ()(D:\Users\***.ORG\Documents\~$????? ???? ???? ? ????? ???? ?????????.docx) -- D:\Users\***.ORG\Documents\~$ชจฺจา วสโล โหติ น ชจฺจา โหติ พฺราหฺมโณ.docx
< End of report >