![]() |
|
Plagegeister aller Art und deren Bekämpfung: GVU auch bei mir zugeschlagen! Newbie benötigt unterstützung!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
|
![]() | #1 |
| ![]() GVU auch bei mir zugeschlagen! Newbie benötigt unterstützung! Hi Community, bin neu hier und habe schon diverse Berichte zu dem GVU/ BSI Trojaner gelesen, nachdem dieser den Lap meiner Mutter Gestern befallen hat. Im Gegensatz zu vielen, hatte ich die Gelegenheit im abgesicherten Modus mit Netzwerk zu starten. Was ich bisher gamcht habe, Malewarebytes laufengelassen, leider ohne treffer, habe den Kontonamen geändert (warum auch immer, nicht fragen bin Leihe) und habe einen Reboot gemacht. Reboot erfolgreich, habe dann auch wieder Interzugang gehabt und nachfolgend alle offen Updates durchgeführt und noch Maleware von Emisoft geladen und gescannt. Der hatte dann noch etwas gefunden und gelöscht...die Hinweise zum nicht löschen hatte ich leider in der Hektik nicht gelesen, sorry dafür! Jetzt läuft das Ding wieder ohen Probleme, trau dem Frieden jedoch nicht ganz, daher habe ich noch OTL geladen und ausgeführt und den Log anbei angefügt. Würde mich über Feedback aus der Reihe der Wissenden freuen und gerne wissen ob noch etwas zu tun ist und wenn was? Gruß und besten Dank im Voraus --> sorry for typos Code:
ATTFilter OTL logfile created on: 21.06.2012 10:09:05 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\...\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 52,73% Memory free 7,49 Gb Paging File | 5,13 Gb Available in Paging File | 68,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,28 Gb Total Space | 527,46 Gb Free Space | 90,74% Space Free | Partition Type: NTFS Drive D: | 14,60 Gb Total Space | 1,80 Gb Free Space | 12,33% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: ...-LAP1 | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.21 10:06:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe PRC - [2012.06.17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe PRC - [2012.06.17 15:44:44 | 003,367,328 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.08.19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011.03.23 09:16:38 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2010.12.15 22:01:28 | 000,249,672 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2010.12.15 22:01:22 | 000,635,208 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2010.12.15 22:01:08 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2010.12.11 04:32:56 | 000,154,816 | ---- | M] (Zecter Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe PRC - [2010.11.18 12:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.09 16:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.11.09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2010.01.04 12:07:06 | 000,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe PRC - [2009.07.25 03:09:14 | 000,329,040 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe ========== Modules (No Company Name) ========== MOD - [2012.06.21 07:02:36 | 000,379,904 | ---- | M] () -- C:\Users\...\AppData\Local\Temp\libsqlitejdbc-3938884281665348199.lib MOD - [2012.06.21 07:02:28 | 000,199,168 | ---- | M] () -- C:\Users\...\AppData\Local\Temp\WindowsAPI.dll1905712988578935392.lib MOD - [2010.11.18 13:07:50 | 001,700,920 | ---- | M] () -- C:\Users\...\AppData\Roaming\PictureMover\DE-DE\Presentation.dll MOD - [2010.11.18 12:57:42 | 012,284,984 | ---- | M] () -- C:\Users\...\AppData\Roaming\PictureMover\Bin\Core.dll MOD - [2010.08.16 13:21:30 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2010.08.16 13:21:30 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010.08.16 13:21:30 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.12.28 19:51:30 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV:64bit: - [2011.05.27 12:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010.12.10 09:05:42 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.12.09 23:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.06.17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2011.12.28 19:51:30 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy) SRV - [2011.12.28 19:51:30 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010.12.15 22:01:28 | 000,249,672 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2010.12.02 06:44:08 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2010.11.09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.11.08 18:52:56 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV - [2010.06.17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.09.20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.28 19:51:31 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp) DRV:64bit: - [2011.12.28 19:51:31 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf) DRV:64bit: - [2011.12.28 19:51:31 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.12 12:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt) DRV:64bit: - [2011.07.12 12:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt) DRV:64bit: - [2011.07.12 12:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint) DRV:64bit: - [2011.05.27 12:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011.05.27 12:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.05.18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.03.23 09:17:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.17 04:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.10 11:40:38 | 008,121,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.12.10 08:24:20 | 000,291,328 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.12.08 23:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2010.12.02 06:44:08 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.19 20:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.11.19 20:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.10.19 21:56:44 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.09.28 13:54:56 | 002,562,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwx.sys -- (AR5416) DRV:64bit: - [2010.09.26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.06.17 15:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010.05.06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.29 14:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc) DRV - [2012.04.30 18:45:00 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver) DRV - [2011.05.19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2010.05.05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\...\Desktop IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\SearchScopes,DefaultScope = {734E87CA-0C26-44BC-B70A-AE0ED8B086BB} IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\SearchScopes\{734E87CA-0C26-44BC-B70A-AE0ED8B086BB}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\SearchScopes\{7BC37B0B-ED6D-4949-AD42-9B19E901DD70}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.27 18:58:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2011.12.28 20:16:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.27 18:58:39 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein\1.0_0\npwebsitelogon.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Website Logon = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein\1.0_0\ CHR - Extension: Google Mail = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Programme\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Programme\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-408667139-1106771192-1307068543-1001..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.) O4 - HKU\S-1-5-21-408667139-1106771192-1307068543-1001..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe (Trend Micro Inc.) O4 - HKU\S-1-5-21-408667139-1106771192-1307068543-1001..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-408667139-1106771192-1307068543-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{614482C6-7F92-452A-82C1-791D345C532C}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{973D5F0A-BFF5-4882-B62C-6BF82B644C81}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\tmtb - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Programme\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.21 10:06:32 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe [2012.06.20 22:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.06.20 22:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.06.20 22:53:06 | 000,000,000 | ---D | C] -- C:\Users\...\Documents\Anti-Malware [2012.06.20 22:40:17 | 137,888,424 | ---- | C] (Emsisoft GmbH ) -- C:\Users\...\Desktop\EmsisoftAntiMalwareSetup.exe [2012.06.20 20:57:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.06.20 20:56:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.06.20 20:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.06.20 20:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.06.20 17:01:43 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes [2012.06.20 17:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.20 17:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.20 17:01:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.20 17:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.16 09:07:52 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{A3B38392-0552-4D70-9910-3D85962F2626} [2012.06.13 14:47:54 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{FB7E3D9E-4EA2-4892-8A91-6CB98D0A685D} [2012.06.13 14:47:30 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{3D6C78F9-924F-4B89-8BAF-34838D4B8AC3} [2012.06.12 19:59:50 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{EAB44E5E-9418-450A-AD9C-83AC48B85064} [2012.06.12 10:25:32 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{3705DD42-A5D6-49A0-AEFE-AB1B69400F7D} [2012.06.12 10:25:08 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{1F07B979-6BFB-4A22-9005-054540B6EE14} [2012.06.12 08:15:23 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{8B3B8087-AE0C-40B7-9015-E9908638FE2F} [2012.06.12 08:15:11 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{B59B7C38-E1D6-4906-A6E7-42EA09386FEB} [2012.06.12 07:17:04 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{4DF2B4B9-1643-4E14-9479-31DCEFC990B9} [2012.06.12 07:16:50 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{A1ABFA58-323A-4282-8908-D08A05992EAC} [2012.06.08 11:38:05 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{B3C90258-506F-402F-87F7-494F71659C81} [2012.06.08 11:37:39 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{57D46025-55FF-4130-8A39-AEC6751BA8F6} [2012.06.07 22:27:32 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{E77816A4-E26E-41B9-8154-D74752B279C5} [2012.06.07 22:27:08 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{65B19811-EE13-4D3F-AC90-C53781EE569D} [2012.06.06 20:02:54 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{C686887E-D3AA-425E-958B-0AB1137AA755} [2012.06.06 20:02:30 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{E1D08AB3-301E-40DB-9E79-8BE75BA7EA69} [2012.06.06 17:51:44 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{A6037A2D-5CC5-4223-A34B-E73CC8D0AFBD} [2012.06.06 17:51:18 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{7E266F56-38A7-4261-9E9C-95BB723FF6E1} [2012.06.05 20:29:03 | 000,000,000 | --SD | C] -- C:\Users\...\Documents\Meine Datenquellen [2012.06.05 20:26:46 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{70944899-0B1A-452D-A416-032B67BA628F} [2012.06.05 20:26:19 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{B26E6A1C-A1C7-44FC-A962-E5A96A7F8D25} [2012.06.05 08:26:19 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{7B52FB50-5948-4D0E-A4FA-8A8C86299D84} [2012.06.05 08:25:24 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{93F5350A-82B5-4410-BFE8-428EC98B44BF} [2012.06.05 07:56:25 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{870ED6CD-7E75-48F6-ADF9-57E28CD09B81} [2012.06.04 09:22:38 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{83CB33AA-2683-462D-8CB5-BD944F3DF35C} [2012.06.04 09:21:56 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{C06DF006-E21C-4D6E-9E3F-DB21201CD3E4} [2012.06.03 18:56:57 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{FA27F347-A6F8-4D04-BB1F-CDE91115983F} [2012.06.03 18:56:42 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{69803FED-32AC-44B8-AA64-0303B5EDBDBD} [2012.06.01 12:11:36 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{1C21036E-0E5F-4584-A4D8-7AA2BD354A18} [2012.05.27 10:25:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam ========== Files - Modified Within 30 Days ========== [2012.06.21 10:22:31 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin [2012.06.21 10:19:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.21 10:18:25 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin [2012.06.21 10:06:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe [2012.06.21 09:57:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.21 07:08:25 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.21 07:08:25 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.21 07:01:32 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.21 07:00:21 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2012.06.21 06:27:21 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.21 06:27:21 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.21 06:27:21 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.21 06:27:21 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.21 06:27:20 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.20 22:53:35 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.06.20 22:52:54 | 137,888,424 | ---- | M] (Emsisoft GmbH ) -- C:\Users\...\Desktop\EmsisoftAntiMalwareSetup.exe [2012.06.20 22:04:28 | 000,277,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.20 21:04:21 | 001,526,948 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.20 19:18:01 | 004,503,728 | ---- | M] () -- C:\ProgramData\ni_0_evas.pad [2012.06.20 17:01:33 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.20 10:28:32 | 000,001,883 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.20 10:19:28 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C5100 series.job [2012.06.18 17:37:56 | 000,226,755 | ---- | M] () -- C:\Windows\hpoins18.dat [2012.06.15 09:34:40 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor....job [2012.05.26 16:53:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor...-LAP1$.job ========== Files Created - No Company Name ========== [2012.06.20 22:53:35 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.06.20 17:01:33 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.20 10:28:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\ni_0_evas.pad [2012.06.20 10:28:32 | 000,001,883 | ---- | C] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.18 17:37:49 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\WebReg HP Photosmart C5100 series.job [2011.12.27 18:53:16 | 000,226,755 | ---- | C] () -- C:\Windows\hpoins18.dat [2011.12.27 18:53:16 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat [2011.12.27 17:58:21 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.16 09:38:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.16 09:25:27 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.01.06 13:42:07 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2011.01.06 13:36:08 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2010.09.24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2010.09.18 00:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.02.09 10:42:04 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoft [2012.02.09 10:41:27 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.27 17:47:57 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\PictureMover [2012.06.12 23:07:25 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\SoftGrid Client [2011.12.27 17:46:55 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Synaptics [2011.12.27 17:59:21 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TP [2012.01.02 23:10:11 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Windows Live Writer [2012.06.21 07:02:38 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ZumoDrive [2012.03.12 18:42:59 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\_MDLogs [2012.02.27 20:19:51 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.27 19:40:09 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Adobe [2011.12.27 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ATI [2011.12.27 20:29:49 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\CyberLink [2012.02.09 10:42:04 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoft [2012.02.09 10:41:27 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.26 16:17:05 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Hewlett-Packard [2011.12.27 19:01:42 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\HP [2012.02.03 16:44:18 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\hpqlog [2011.12.27 17:46:35 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Identities [2011.12.27 17:54:09 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Macromedia [2012.06.20 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Malwarebytes [2011.08.16 18:19:53 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Media Center Programs [2012.06.05 20:29:03 | 000,000,000 | --SD | M] -- C:\Users\...\AppData\Roaming\Microsoft [2011.12.27 17:47:57 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\PictureMover [2012.06.01 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Skype [2012.06.12 23:07:25 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\SoftGrid Client [2011.12.27 17:46:55 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Synaptics [2011.12.27 17:59:21 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TP [2012.01.02 23:10:11 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Windows Live Writer [2011.12.27 18:58:57 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Yahoo! [2012.06.21 07:02:38 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ZumoDrive [2012.03.12 18:42:59 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\_MDLogs < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_39e1f82254380270\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.01.06 21:56:12 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2011.01.06 21:56:12 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.01.06 21:56:12 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.01.06 21:56:12 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2011.01.06 21:43:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.01.06 21:43:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
![]() | #2 |
![]() ![]() ![]() ![]() ![]() | ![]() GVU auch bei mir zugeschlagen! Newbie benötigt unterstützung! Hi,
__________________sieht soweit gut aus, bitte noch das EXTRA-Log posten... Fix für OTL:
![]() Code:
ATTFilter :OTL O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O4 - HKLM..\Run: [] File not found :Commands [emptytemp] [Reboot]
chris
__________________ |
![]() | #3 |
| ![]() GVU auch bei mir zugeschlagen! Newbie benötigt unterstützung! Danke schonmal vorab für die schnelle Reaktion!
__________________ExtraLog anbei OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.06.2012 10:09:05 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\...\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 52,73% Memory free 7,49 Gb Paging File | 5,13 Gb Available in Paging File | 68,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,28 Gb Total Space | 527,46 Gb Free Space | 90,74% Space Free | Partition Type: NTFS Drive D: | 14,60 Gb Total Space | 1,80 Gb Free Space | 12,33% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: ...-LAP1 | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-408667139-1106771192-1307068543-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{19EE0C96-C720-4FD4-AE30-21A316CF6677}" = lport=7000 | protocol=17 | dir=in | name=udp-port für windows-easytransfer | "{9750A451-5B8E-4BA2-8A57-B64F46F040E6}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{B90C1E47-2621-47AF-85AB-5256BD63C0A6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BC76AB8F-7AE7-4828-9135-87422E791042}" = lport=7000 | protocol=6 | dir=in | name=tcp-port für windows-easytransfer | "{EC1D0362-A007-4F97-BA7C-E8849CFC2B3B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02563BCF-689F-4D24-91BA-7F6CBAB89B1E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{08D870C8-5950-4AE8-8EEA-50417FB16D3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{118A94C5-1CCD-4727-951E-AFF808D91866}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{18F8BA7C-30CA-40CD-B4C8-017610B61C20}" = dir=in | app=c:\users\...\appdata\local\temp\7zs46c9\setup\hpznui40.exe | "{1BD686DE-4DD8-4CF4-9D9C-D5D0960B3C34}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe | "{29D44BC1-18D2-42BF-B8EF-DC9BB4F1BBC4}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{2EFD702B-64D7-46B8-9BBB-717CB36D7BFF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{332FB473-FFB7-4988-9721-2ED1178AFC24}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{38FF31BF-B905-4F04-82FB-F21153B6915C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{3F20CC4F-D0B4-4D88-9883-58D70E08477E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{481574A7-D685-4A41-BF1E-E9ED44B4F074}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{4FE6B739-259C-4C5D-86B2-A828DF96DFE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{554322D1-CB9B-439B-B256-E63850509AF0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{71BCB91C-58F5-4460-9F98-7125A3146E23}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{765C5A44-831A-41E2-8653-C6ED06262F37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{7ECFF03E-B0E2-4781-BCEB-BF8379764D57}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe | "{8ABEA37C-DE10-4466-BBF4-3D72C84A0975}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{8D4B33DD-F19B-4223-9963-E567D638D82F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{90B3B2C2-79ED-4157-BEED-13E8D52BD1D1}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe | "{9138FB82-1C26-47DB-8A16-2B69A35E8BA0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9F1692C1-1B84-484F-99EF-46CAC5CA384E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{A6BD59DA-A981-4141-BA37-1DACB8535787}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{AF352C6E-32DD-4312-A0E0-237CEC5E30E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{AF4DD762-C2D2-400D-B528-282F5366B7EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{BBC834EC-5AE9-4B4F-9942-732BA35919EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{BEBC24EE-1B28-4AD2-B4C9-40E7A3989EE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{BFEECE24-D276-4569-A5C7-FE7440483A25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{C984EFFF-89DD-4745-8734-E562457309D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{CA023692-6603-46F5-83F8-4DA58251600F}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe | "{CC6D256D-CCC0-44FE-AC14-35F3D7B3DF49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{CFA143DB-DC2E-4546-AD9E-A0E18ACD8262}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{DC40C287-58BC-4680-88E3-A40215FC418F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EBDC2E1C-0A44-405C-AF36-4F5D2578911C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{F12804F5-33E9-4812-88DE-305FE1589F05}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{F674CED6-7C38-4749-9667-FF40A2D7D154}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A "{1B6E46D9-BD48-F831-D337-64397E7EA1DB}" = ccc-utility64 "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{3549401F-C832-4B81-8780-1E055E18B8A6}" = Validity WBF DDK "{3623E33A-6E9A-442F-9628-570C28E01EDF}" = HP 3D DriveGuard "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{896DC183-4DDA-4AF5-9DFD-B68B97CB7989}" = AuthenTec TrueAPI "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro "{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E18E155E-73A9-0CCA-B796-05B09A1B5D97}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FE87BA4F-9866-8332-0A4F-59864BE2196A}" = AMD Fuel "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0A9A553D-A324-4C3C-B6E9-2464480BAE50}" = Catalyst Control Center - Branding "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{0F7254A8-4D75-979A-4445-EBC2EE90B6D2}" = CCC Help English "{14D9E133-37C6-B9CB-36C5-EB76DBE80F5C}" = Catalyst Control Center Graphics Previews Common "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5 "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{4037A2B9-A976-4538-8B08-A0D95B637F35}" = C5100 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{431D963B-16AA-FAB8-3E72-82CDB466FDD8}" = CCC Help Swedish "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{49F633C6-1247-3052-F1F1-C3DC271A6E92}" = CCC Help Danish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{54C024E2-4761-EB23-88C5-77EE8977B854}" = CCC Help Polish "{5A018BC8-CEC4-C0E2-5EB1-4DFF3CD5E052}" = CCC Help Japanese "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5FE4D5BB-0B56-DC7D-E5A4-49DB989983CC}" = CCC Help French "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{66F0F1EB-A7B1-4592-BE90-404CD9E49053}" = HP Documentation "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F388ED3-8C2B-222D-9CA6-38C44A3F4569}" = CCC Help Italian "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software "{70E09E33-5C83-F272-17D5-93858F2063F2}" = CCC Help Dutch "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7D12AB72-6A28-A280-0637-485760AFDBDC}" = ccc-core-static "{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup "{81BAE41F-EF43-4902-773E-64B105245EE0}" = CCC Help Chinese Standard "{82F6A47B-6651-0044-F871-AF99C15E4871}" = CCC Help German "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{98218567-28F7-0D1F-BD48-3041677E5CD4}" = CCC Help Hungarian "{994406A3-EA5C-B7C9-B0C0-E9019ADD3521}" = CCC Help Korean "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help "{A671E7CA-23EA-A86E-A61F-E518143670C0}" = CCC Help Thai "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9AED85D-2194-F13C-EE99-F013DB2BD44F}" = CCC Help Russian "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB32E35A-3CBE-6747-06A9-453469EF9CD2}" = CCC Help Chinese Traditional "{ABAF4569-6EDD-EA43-1574-EBA8911859BE}" = CCC Help Greek "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager "{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B949352B-D05B-5670-836E-430CCAAE28FA}" = CCC Help Spanish "{BC08BEE3-1503-0173-B7A5-8765AA20C08A}" = CCC Help Portuguese "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BCB2219D-A452-80E9-5C27-F497128DE10A}" = CCC Help Norwegian "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{BD302920-E48F-EE44-4DBF-F58994C8BDF3}" = CCC Help Finnish "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2AC41BC-CA8B-846C-A711-42A2C8BC05BB}" = Catalyst Control Center InstallProxy "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{D902BADB-499C-EF9E-B5D3-48B36566C3A6}" = Catalyst Control Center Localization All "{DA7B4F2B-0099-EEB6-6FB8-8F794248E982}" = CCC Help Czech "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F1DD6CD2-6734-4089-9EF5-441F51E083B6}" = HP SimplePass 2011 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALDI Bestellsoftware" = ALDI Bestellsoftware 4.11.0 "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EasyBits Magic Desktop" = Magic Desktop "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "Google Chrome" = Google Chrome "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PokerStars.net" = PokerStars.net "WinLiveSuite" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar "ZumoDrive" = HP CloudDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.05.2012 19:25:20 | Computer Name = ...-LAP1 | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 31.05.2012 19:25:22 | Computer Name = ...-LAP1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: sftlist.exe, Version: 4.6.1.10263, Zeitstempel: 0x4c8e7cc8 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0x00000000 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xf54 Startzeit der fehlerhaften Anwendung: 0x01cd3bd910226729 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e3a1ef7a-ab77-11e1-9ae6-68b599df7d36 Error - 31.05.2012 19:25:24 | Computer Name = ...-LAP1 | Source = Application Virtualization | ID = 257 Description = Application Virtualization hat einen unerwarteten Fehler erkannt und es wurde ein Fehlerbericht generiert. Error - 03.06.2012 11:48:17 | Computer Name = ...-LAP1 | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 04.06.2012 03:21:06 | Computer Name = ...-LAP1 | Source = System Restore | ID = 8193 Description = Error - 04.06.2012 03:21:06 | Computer Name = ...-LAP1 | Source = System Restore | ID = 8211 Description = Error - 05.06.2012 01:55:06 | Computer Name = ...-LAP1 | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 05.06.2012 02:42:30 | Computer Name = ...-LAP1 | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 06.06.2012 14:36:54 | Computer Name = ...-LAP1 | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 07.06.2012 10:00:10 | Computer Name = ...-LAP1 | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 08.06.2012 05:41:39 | Computer Name = ...-LAP1 | Source = Customer Experience Improvement Program | ID = 1008 Description = [ Hewlett-Packard Events ] Error - 23.02.2012 14:47:21 | Computer Name = ...-LAP1 | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/3828e79e_096d_4843_b163_a03d5a059798/+abmtey_p+p7+v33ojhjqtdr_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String) [ HP Software Framework Events ] Error - 24.05.2012 17:21:44 | Computer Name = ...-LAP1 | Source = CaslWmi | ID = 5 Description = 2012.05.24 23:21:44.737|00001A50|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 24.05.2012 17:21:47 | Computer Name = ...-LAP1 | Source = CaslWmi | ID = 5 Description = 2012.05.24 23:21:47.821|00000364|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 07.06.2012 13:59:27 | Computer Name = ...-LAP1 | Source = CaslWmi | ID = 5 Description = 2012.06.07 19:59:27.907|00000FA4|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' Error - 07.06.2012 13:59:28 | Computer Name = ...-LAP1 | Source = CaslWmi | ID = 5 Description = 2012.06.07 19:59:28.307|00000FA4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 07.06.2012 14:01:14 | Computer Name = ...-LAP1 | Source = CaslWmi | ID = 5 Description = 2012.06.07 20:01:14.691|000017B8|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' Error - 07.06.2012 14:01:15 | Computer Name = ...-LAP1 | Source = CaslWmi | ID = 5 Description = 2012.06.07 20:01:15.150|000017B8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 07.06.2012 14:01:16 | Computer Name = ...-LAP1 | Source = CaslWmi | ID = 5 Description = 2012.06.07 20:01:16.666|00001AC8|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' Error - 07.06.2012 14:01:17 | Computer Name = ...-LAP1 | Source = CaslWmi | ID = 5 Description = 2012.06.07 20:01:17.114|00001AC8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 14.06.2012 14:00:21 | Computer Name = ...-LAP1 | Source = CaslWmi | ID = 5 Description = 2012.06.14 20:00:21.918|00003444|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 14.06.2012 14:00:24 | Computer Name = ...-LAP1 | Source = CaslWmi | ID = 5 Description = 2012.06.14 20:00:24.004|00003A7C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state [ HP Wireless Assistant Events ] Error - 27.12.2011 11:42:30 | Computer Name = ...-LAP1 | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 27.12.2011 11:43:30 | Computer Name = ...-LAP1 | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 27.12.2011 11:44:30 | Computer Name = ...-LAP1 | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 27.12.2011 11:45:30 | Computer Name = ...-LAP1 | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 27.12.2011 11:46:30 | Computer Name = ...-LAP1 | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 27.12.2011 11:47:30 | Computer Name = ...-LAP1 | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 27.12.2011 11:48:38 | Computer Name = ...-LAP1 | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 27.12.2011 11:49:46 | Computer Name = ...-LAP1 | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 27.12.2011 11:50:53 | Computer Name = ...-LAP1 | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 07.05.2012 11:32:08 | Computer Name = ...-LAP1 | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() bei HPPA_Service.CurrentConfiguration.ReloadRadioList() [ Media Center Events ] Error - 05.06.2012 01:51:51 | Computer Name = ...-LAP1 | Source = MCUpdate | ID = 0 Description = 07:51:51 - Fehler beim Herstellen der Internetverbindung. 07:51:51 - Serververbindung konnte nicht hergestellt werden.. Error - 05.06.2012 01:52:03 | Computer Name = ...-LAP1 | Source = MCUpdate | ID = 0 Description = 07:51:56 - Fehler beim Herstellen der Internetverbindung. 07:51:56 - Serververbindung konnte nicht hergestellt werden.. Error - 05.06.2012 04:05:51 | Computer Name = ...-LAP1 | Source = MCUpdate | ID = 0 Description = 10:05:51 - Fehler beim Herstellen der Internetverbindung. 10:05:51 - Serververbindung konnte nicht hergestellt werden.. Error - 05.06.2012 04:06:01 | Computer Name = ...-LAP1 | Source = MCUpdate | ID = 0 Description = 10:05:56 - Fehler beim Herstellen der Internetverbindung. 10:05:56 - Serververbindung konnte nicht hergestellt werden.. Error - 20.06.2012 08:48:34 | Computer Name = ...-LAP1 | Source = MCUpdate | ID = 0 Description = 14:48:34 - Fehler beim Herstellen der Internetverbindung. 14:48:34 - Serververbindung konnte nicht hergestellt werden.. Error - 20.06.2012 08:48:44 | Computer Name = ...-LAP1 | Source = MCUpdate | ID = 0 Description = 14:48:39 - Fehler beim Herstellen der Internetverbindung. 14:48:39 - Serververbindung konnte nicht hergestellt werden.. Error - 20.06.2012 11:00:26 | Computer Name = ...-LAP1 | Source = MCUpdate | ID = 0 Description = 17:00:26 - Fehler beim Herstellen der Internetverbindung. 17:00:26 - Serververbindung konnte nicht hergestellt werden.. Error - 20.06.2012 11:01:01 | Computer Name = ...-LAP1 | Source = MCUpdate | ID = 0 Description = 17:00:38 - Fehler beim Herstellen der Internetverbindung. 17:00:38 - Serververbindung konnte nicht hergestellt werden.. Error - 20.06.2012 12:01:28 | Computer Name = ...-LAP1 | Source = MCUpdate | ID = 0 Description = 18:01:28 - Fehler beim Herstellen der Internetverbindung. 18:01:28 - Serververbindung konnte nicht hergestellt werden.. Error - 20.06.2012 12:02:08 | Computer Name = ...-LAP1 | Source = MCUpdate | ID = 0 Description = 18:01:34 - Fehler beim Herstellen der Internetverbindung. 18:01:34 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 20.06.2012 15:44:14 | Computer Name = ...-LAP1 | Source = DCOM | ID = 10010 Description = Error - 20.06.2012 16:12:11 | Computer Name = ...-LAP1 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2656410) Error - 20.06.2012 16:12:11 | Computer Name = ...-LAP1 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2656372) Error - 20.06.2012 16:12:11 | Computer Name = ...-LAP1 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2604114) Error - 20.06.2012 16:12:11 | Computer Name = ...-LAP1 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2686830) Error - 20.06.2012 19:37:56 | Computer Name = ...-LAP1 | Source = DCOM | ID = 10016 Description = Error - 21.06.2012 00:33:29 | Computer Name = ...-LAP1 | Source = DCOM | ID = 10016 Description = Error - 21.06.2012 00:34:51 | Computer Name = ...-LAP1 | Source = Service Control Manager | ID = 7034 Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 21.06.2012 03:57:26 | Computer Name = ...-LAP1 | Source = DCOM | ID = 10016 Description = Error - 21.06.2012 04:51:16 | Computer Name = ...-LAP1 | Source = DCOM | ID = 10016 Description = < End of report > |
![]() | #4 |
![]() ![]() ![]() ![]() ![]() | ![]() GVU auch bei mir zugeschlagen! Newbie benötigt unterstützung! Hi, okay.... Läuft der Rechner normal? chris
__________________ ![]() ![]() Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ![]() |
![]() | #5 |
| ![]() GVU auch bei mir zugeschlagen! Newbie benötigt unterstützung! Hi Chris, soweit läuft der Rechner schon, ab und zu hab ich noch Verbindungsprobleme mit dem Internet z.B. Heute Morgen ob das mit dem Tojaner zusammenhängt, kann ich leider nicht beurteilen (hat man glaube ich auch in den Extende OTL Report gesehen) Was mich interessieren würde ist, ob das Teil passiv verankert bleibt und etwaige Kommunikation / Daten liest und weiterverwendet? Da ich Leihe bin, habe ich da natürlich etwas Sorge. Gruß und Danke nochmals für die schnelle Reaktion und Antwort VG Sascha |
![]() | #6 |
![]() ![]() ![]() ![]() ![]() | ![]() GVU auch bei mir zugeschlagen! Newbie benötigt unterstützung! Hi, wir prüfen noch auf Rootkit... Nein, das Teil erpresst den Nutzer indem es die Daten verschlüsselt. Gegen bares gibt es dann (vielleicht) ein Entschlüsselungsprogramm... TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Stelle den Killer wir folgt ein: ![]() Dann den Scan starten durch (Start Scan). Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster, den Text abkopieren und hier posten... chris
__________________ --> GVU auch bei mir zugeschlagen! Newbie benötigt unterstützung! |
![]() |
Themen zu GVU auch bei mir zugeschlagen! Newbie benötigt unterstützung! |
4d36e972-e325-11ce-bfc1-08002be10318, autorun, bho, bingbar, browser, conduit, converter, emsisoft, explorer, feedback, firefox, format, frage, google earth, helper, home, launch, logfile, mp3, netzwerk, nvstor.sys, object, plug-in, realtek, registry, rundll, searchscopes, security, services.exe, software, temp, trojaner, updates, usb, usb 3.0, version=1.0, warum, windows, wrapper |