Log analysis and evaluation: C:\Users\HP\AppData\Local\Temp\0_0u_I.exe !!! "Bundestrojaner" ?!? Error message
Windows 7
05.07.2012, 13:25 | #1 |
Hello everyone,

on 3 July, while surfing, I suddenly got this well-known "Bundestrojaner" screen, full-screen, including the superimposed live webcam image. In my case it was the copyright-infringement variant with the demand for payment. I was able to log off the user (admin) and logged in via another user; the scan with Antivir (Free) turned up two or three hits for trojans. I was so frightened and am relatively inexperienced - unfortunately I had them deleted without recording their identity. After that my system ran fairly normally again, and I scanned everything once more with the trial of AdAware and deleted one hit.

Since then my system SEEMS okay - but people here point out often enough how deceptive appearances can be!!! I have not noticed any locked or encrypted files/data so far - everything seems quite normal so far - EXCEPT: indeed, at system start there is still a clear sign: when I restart Windows, a warning appears with the above-mentioned error message: >>C:\Users\HP\AppData\Local\Temp\0_0u_I.exe<< with the note that the corresponding path could not be found. I have found out that this probably has to do with the virus.

What can/must I do to rescue my computer and get it fit again? With "defogger" I disabled the emulators(?) and then scanned the system with "OTL". The log files are in the ZIP folder. What do I have to do, and when/how can I undo that with "defogger"? THANK YOU VERY MUCH for any help! |
06.07.2012, 06:36 | #2 |
/// Helper Team | Hello and welcome!
Before we begin working together, [please read completely]: Quote:
Quote:
For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. Uninstall:
Code:
"Ad-Aware Free": now runs with antivirus protection!

Use only one firewall and one antivirus program, both of which should always be kept up to date!

2. Did you enter this in the hosts file yourself, or add it deliberately? If so, why?
Code:
O1 - Hosts: 127.0.0.1 reg.sorensonmedia.com
O1 - Hosts: 127.0.0.1 reg.sorensonmedia.com

Quote:
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O4:64bit: - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3fab8ebc-441f-11e1-a29d-705ab6b52ef3}\Shell - "" = AutoRun
O33 - MountPoints2\{3fab8ebc-441f-11e1-a29d-705ab6b52ef3}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ebae0125-d7dd-11e0-aa6f-705ab6b52ef3}\Shell - "" = AutoRun
O33 - MountPoints2\{ebae0125-d7dd-11e0-aa6f-705ab6b52ef3}\Shell\AutoRun\command - "" = H:\PhotoViewerAP_V6.0.1.exe
[2012-07-03 21:18:15 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012-07-03 21:18:15 | 000,001,871 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:264B2CC4
@Alternate Data Stream - 1352 bytes -> C:\Users\HP\AppData\Local\B5KAo7AKMU:8DQk587V7L0wyssg016S
@Alternate Data Stream - 1213 bytes -> C:\Users\HP\AppData\Local\WldLbUK5M1rZ7:nz8U20EC3DTkwjWSE4R7gTd
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956

:Files
C:\ProgramData\l_u0_0.pad
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
4. Download Malwarebytes Anti-Malware → from here
5. To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
6. Another scan with OTL:
Quote:
** If possible, do not go online; no online banking, file sharing, chat programs, etc.
Regards, kira
__________________ |
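An added example, not part of the thread and not OTL's own logic: a small Python triage over lines in the OTL log format used in the fix script above, showing what sets the file and stream entries apart. The tags and thresholds are assumptions of this example, the incident day is the date given in the first post, and the last sample line is constructed.

```python
import re
from datetime import date, datetime

# OTL file entry: [timestamp | size | attributes | C(reated)/M(odified)] (Company) -- path
FILE_RE = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# OTL alternate-data-stream entry
ADS_RE = re.compile(r"@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

STARTUP_DIR = "\\start menu\\programs\\startup\\"
INCIDENT_DAY = date(2012, 7, 3)  # "3 July" from the first post

# First three lines come from the fix script; the last one is constructed.
SAMPLE = r"""
[2012-07-03 21:18:15 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012-07-03 21:18:15 | 000,001,871 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:264B2CC4
PRC - [2012-05-02 00:34:34 | 000,110,032 | ---- | M] (Example Vendor GmbH) -- C:\Program Files (x86)\Example\service.exe
"""


def in_drop_location(path):
    """True for a per-user Temp path or a file sitting directly in the ProgramData root."""
    p = path.lower()
    if "\\appdata\\local\\temp\\" in p:
        return True
    return re.match(r"^[a-z]:\\programdata\\[^\\]+$", p) is not None


def triage_line(line, incident_day):
    """Return (path, tags) for a recognised OTL line, or None if it is not one."""
    line = line.strip()
    ads = ADS_RE.search(line)
    if ads:
        # A stream is worth a look on its own; it is a lead, not a verdict.
        return (ads.group("path"), ["ads"])
    m = FILE_RE.search(line)
    if not m:
        return None
    path = m.group("path")
    tags = []
    if not m.group("company").strip():
        tags.append("no-vendor")              # empty "()" company field
    if STARTUP_DIR in path.lower():
        tags.append("startup-folder")         # runs at every logon of that user
    if in_drop_location(path):
        tags.append("drop-location")          # writable without elevation
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    if m.group("kind") == "C" and ts.date() == incident_day:
        tags.append("created-on-incident-day")
    return (path, tags)


def triage(lines, incident_day, min_tags=2):
    """Keep ADS entries and file entries that collect at least min_tags tags."""
    hits = []
    for line in lines:
        result = triage_line(line, incident_day)
        if result is None:
            continue
        path, tags = result
        if "ads" in tags or len(tags) >= min_tags:
            hits.append((path, tags))
    return hits


if __name__ == "__main__":
    for path, tags in triage(SAMPLE.splitlines(), INCIDENT_DAY):
        print(", ".join(tags), "->", path)
```
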
06.07.2012, 13:55 | #3 |
Hello Kira,
thank you for your help! I have worked through the task list, with the following results:
Re 1. Quote:
Re 2. Quote:
I once licensed something from Sorenson for a job and registered...
Re 3. Quote:
So it already seems to have improved something... The FIX log file / the text is here: Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fab8ebc-441f-11e1-a29d-705ab6b52ef3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fab8ebc-441f-11e1-a29d-705ab6b52ef3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fab8ebc-441f-11e1-a29d-705ab6b52ef3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fab8ebc-441f-11e1-a29d-705ab6b52ef3}\ not found.
File "H:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebae0125-d7dd-11e0-aa6f-705ab6b52ef3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebae0125-d7dd-11e0-aa6f-705ab6b52ef3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebae0125-d7dd-11e0-aa6f-705ab6b52ef3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebae0125-d7dd-11e0-aa6f-705ab6b52ef3}\ not found.
File H:\PhotoViewerAP_V6.0.1.exe not found.
C:\ProgramData\l_u0_0.pad moved successfully.
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
ADS C:\ProgramData\TEMP:264B2CC4 deleted successfully.
ADS C:\Users\HP\AppData\Local\B5KAo7AKMU:8DQk587V7L0wyssg016S deleted successfully.
ADS C:\Users\HP\AppData\Local\WldLbUK5M1rZ7:nz8U20EC3DTkwjWSE4R7gTd deleted successfully.
ADS C:\ProgramData\TEMP:BC359956 deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\l_u0_0.pad not found.
File\Folder C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\HP\Desktop\cmd.bat deleted successfully.
C:\Users\HP\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: HP
->Temp folder emptied: 341750680 bytes
->Temporary Internet Files folder emptied: 39649813 bytes
->Java cache emptied: 1144888 bytes
->FireFox cache emptied: 55335414 bytes
->Flash cache emptied: 1972 bytes
User: Isabel
->Temp folder emptied: 1070950 bytes
->Temporary Internet Files folder emptied: 243104050 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6709924 bytes
->Flash cache emptied: 1513 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156231013 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 8014508 bytes
Total Files Cleaned = 814,00 mb
OTL by OldTimer - Version 3.2.53.1 log created on 07062012_095939
Files\Folders moved on Reboot...
C:\Users\HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Isabel\AppData\Local\Temp\OICE_AD75CCFC-AB5F-495C-9BF2-A0F01BC0C837.0\7FCDB8C8. not found!
File\Folder C:\Users\Isabel\AppData\Local\Temp\OICE_429E7243-B551-4F11-A96D-8FB7258FD946.0\DB1513D5. not found!
PendingFileRenameOperations files...
File C:\Users\HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Isabel\AppData\Local\Temp\OICE_AD75CCFC-AB5F-495C-9BF2-A0F01BC0C837.0\7FCDB8C8. not found!
File C:\Users\Isabel\AppData\Local\Temp\OICE_429E7243-B551-4F11-A96D-8FB7258FD946.0\DB1513D5. not found!
Registry entries deleted on Reboot...

Quote:
There were apparently three programs - listed at the very bottom of the log file (without action), but I believe I had them deleted manually... Here is the log file from Malwarebytes: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.07.06.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HP :: 89MM-SEBALAPTOP [Administrator]
Schutz: Aktiviert
06.07.2012 10:13:33
mbam-log-2012-07-06 (12-06-15).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 409343
Laufzeit: 58 Minute(n), 36 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Users\HP\Downloads\applianflv_upgrade_1472.exe (PUP.BundleOffers.IIQ) -> Keine Aktion durchgeführt.
C:\Users\HP\Downloads\SoftonicDownloader_fuer_filezilla.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\HP\_LAGER\20 Softz\Recovery_File.Scavenger.v3.2.20.20100325.Incl.Keyfilemaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Keine Aktion durchgeführt.
(Ende)

Regarding the last point: Quote:
[Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SbAlg.sys -- (SbAlg) DRV - [2010-02-01 17:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2010-02-01 17:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\rsvlock.sys -- (RsvLock) DRV - [2010-02-01 17:11:22 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2009-10-05 15:10:42 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\aspi32.sys -- (Aspi32) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 6E 71 9A 50 59 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.spiegel.de" FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4189 FF - prefs.js..extensions.enabledItems: 
{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14 FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.6.2011020301 FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2 FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.12 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3 FF - prefs.js..extensions.enabledItems: firefox-autofill@googlegroups.com:3.1 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50 FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.1.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012-07-04 19:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-04 10:42:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-05-20 10:19:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-04 10:42:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-05-20 10:19:37 | 000,000,000 | ---D | M]
[2011-01-24 19:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2012-07-04 10:42:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\udcgdzgr.default\extensions
[2011-03-18 10:47:26 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\udcgdzgr.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2012-07-04 10:42:07 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\udcgdzgr.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012-04-03 19:44:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\udcgdzgr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-07-04 10:42:08 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\udcgdzgr.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012-06-06 21:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-10-05 14:07:06 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files (x86)\mozilla firefox\extensions\adapter@babylontc.com
[2011-10-05 14:07:06 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files (x86)\mozilla firefox\extensions\ocr@babylon.com
[2012-06-04 08:21:56 | 000,222,562 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDCGDZGR.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2012-07-04 10:19:05 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDCGDZGR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011-09-27 14:03:52 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDCGDZGR.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012-01-27 17:07:06 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDCGDZGR.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012-04-03 19:44:21 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDCGDZGR.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011-05-19 18:32:57 | 000,054,155 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDCGDZGR.DEFAULT\EXTENSIONS\FIREFOX-AUTOFILL@GOOGLEGROUPS.COM.XPI
[2012-02-11 15:12:40 | 000,080,121 | ---- | M] () (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDCGDZGR.DEFAULT\EXTENSIONS\MULTIPLETAB@PIRO.SAKURA.NE.JP.XPI
[2012-06-21 11:49:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-03-09 09:04:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012-03-09 09:04:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-03-09 09:04:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012-03-09 09:04:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012-03-09 09:04:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012-03-09 09:04:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011-02-15 12:27:22 | 000,000,893 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 reg.sorensonmedia.com
O1 - Hosts: 127.0.0.1 reg.sorensonmedia.com
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D23855F4-F1CA-4273-A4E6-157C5787B9AD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-07-06 10:11:24 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2012-07-06 10:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-07-06 10:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-07-06 10:11:00 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-07-06 10:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-07-06 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\OTL-Reports
[2012-07-06 09:59:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-07-06 09:47:28 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012-07-06 09:47:27 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012-07-06 09:47:27 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012-07-06 09:47:23 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012-07-06 09:47:23 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012-07-06 09:47:23 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012-07-06 09:47:15 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012-07-06 09:47:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012-07-06 09:33:10 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Avira
[2012-07-06 09:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012-07-06 09:27:48 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012-07-06 09:27:48 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012-07-06 09:27:48 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012-07-06 09:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012-07-06 09:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012-07-05 09:40:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012-07-04 19:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Portrait Displays
[2012-07-04 19:19:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Hewlett-Packard Company
[2012-07-04 19:05:47 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs
[2012-07-04 19:05:34 | 000,000,000 | ---D | C] -- C:\Windows\DPDrv
[2012-07-04 19:05:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-Hant
[2012-07-04 19:05:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-Hans
[2012-07-04 19:05:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ko
[2012-07-04 19:05:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja
[2012-07-04 19:05:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\cs
[2012-07-04 19:03:05 | 000,515,584 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2012-07-04 19:03:04 | 001,484,288 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2012-07-04 19:03:04 | 000,651,264 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2012-07-04 19:03:04 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2012-07-04 19:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012-07-04 19:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Validity Sensors
[2012-07-04 10:43:49 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\adaware
[2012-07-04 10:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012-07-04 10:43:41 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012-07-04 10:43:36 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012-07-04 10:43:36 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012-07-04 10:43:35 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012-07-04 10:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012-07-04 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\adawarebp
[2012-07-04 10:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012-07-04 10:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012-07-04 10:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012-07-04 10:40:16 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Ad-Aware Antivirus
[2012-06-12 14:03:18 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012-07-06 12:16:54 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-06 12:16:54 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-06 12:14:48 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012-07-06 12:13:44 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012-07-06 12:09:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-06 12:09:00 | 3108,954,112 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-05 13:49:42 | 000,029,280 | ---- | M] () -- C:\Users\HP\Desktop\Living Images-Livestream_Projektvorstellung.pdf
[2012-07-05 09:42:30 | 000,000,000 | ---- | M] () -- C:\Users\HP\defogger_reenable
[2012-07-05 09:40:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012-07-05 09:32:32 | 000,050,477 | ---- | M] () -- C:\Users\HP\Desktop\Defogger.exe
[2012-07-04 19:31:53 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012-07-04 19:31:52 | 000,001,738 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012-07-04 19:20:20 | 000,000,191 | ---- | M] () -- C:\Windows\SysNative\HPPA.ini
[2012-07-04 19:08:05 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\drivers\wdbdcbd.sys
[2012-07-04 19:08:05 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\drivers\wdbdcbd.sys
[2012-07-04 19:08:05 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\msbdcbd.ocx
[2012-07-04 19:08:05 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\msbdcbd.ocx
[2012-07-04 19:08:04 | 000,000,977 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012-07-04 19:08:04 | 000,000,474 | ---- | M] () -- C:\Windows\SysNative\MAPISVC.INF
[2012-07-04 19:02:31 | 001,952,256 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2012-07-04 19:02:31 | 000,515,584 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2012-07-04 19:02:31 | 000,489,472 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2012-07-04 19:02:30 | 012,861,952 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl
[2012-07-04 19:02:30 | 001,484,288 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2012-07-04 19:02:30 | 000,651,264 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2012-07-04 19:02:30 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2012-07-04 19:02:30 | 000,219,648 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2012-07-04 19:02:26 | 000,442,368 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll
[2012-07-04 19:02:26 | 000,162,816 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll
[2012-07-04 19:02:26 | 000,090,624 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll
[2012-07-04 19:02:26 | 000,068,608 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll
[2012-07-04 19:00:53 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_bNB_EliteBook 8540w (WD927EA#ABH)_Y5336AN_0U_QCND0270XH5_EU_4A_I1521_SHP_V32.33_B68CVD F.0E_T101125_W748-1_L407_M3954_J320_7Intel_8652_92.40_#100911_N808610EA;80864238_(WD927EA#ABH)_XMOBILE_CN10_Z_2.MRK
[2012-07-04 19:00:53 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_bNB_EliteBook 8540w (WD927EA#ABH)_Y5336AN_0U_QCND0270XH5_EU_4A_I1521_SHP_V32.33_B68CVD F.0E_T101125_W748-1_L407_M3954_J320_7Intel_8652_92.40_#100911_N808610EA;80864238_(WD927EA#ABH)_XMOBILE_CN10_Z_2.MRK
[2012-07-04 15:16:54 | 000,000,600 | ---- | M] () -- C:\Users\HP\winscp.RND
[2012-07-04 10:46:48 | 001,536,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-07-04 10:46:48 | 000,668,384 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012-07-04 10:46:48 | 000,627,920 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-07-04 10:46:48 | 000,136,020 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012-07-04 10:46:48 | 000,111,498 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-07-04 10:22:08 | 000,001,066 | ---- | M] () -- C:\Users\HP\Desktop\Glary Utilities.lnk
[2012-07-03 10:33:12 | 001,105,049 | ---- | M] () -- C:\Users\HP\Desktop\01_Konzept-FINAL-PDF_Projektvorstellung.pdf
[2012-07-02 10:20:00 | 000,009,599 | ---- | M] () -- C:\Users\HP\Desktop\Logo SRU deutsch_farbe.pdf
[2012-06-12 08:59:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-06-12 08:59:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-06-11 15:11:16 | 000,001,377 | ---- | M] () -- C:\Users\HP\Desktop\Wissen erzählen.lnk

========== Files Created - No Company Name ==========

[2012-07-05 13:49:40 | 000,029,280 | ---- | C] () -- C:\Users\HP\Desktop\Living Images-Livestream_Projektvorstellung.pdf
[2012-07-05 09:42:30 | 000,000,000 | ---- | C] () -- C:\Users\HP\defogger_reenable
[2012-07-05 09:32:31 | 000,050,477 | ---- | C] () -- C:\Users\HP\Desktop\Defogger.exe
[2012-07-04 19:31:53 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012-07-04 19:31:52 | 000,001,738 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012-07-04 19:08:05 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\wdbdcbd.sys
[2012-07-04 19:08:05 | 000,003,120 | ---- | C] () -- C:\Windows\SysNative\drivers\wdbdcbd.sys
[2012-07-04 19:08:05 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\msbdcbd.ocx
[2012-07-04 19:08:05 | 000,003,120 | ---- | C] () -- C:\Windows\SysNative\msbdcbd.ocx
[2012-07-04 19:08:04 | 000,000,474 | ---- | C] () -- C:\Windows\SysNative\MAPISVC.INF
[2012-07-04 19:03:45 | 000,001,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[2012-07-04 10:43:42 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012-07-04 10:22:08 | 000,001,066 | ---- | C] () -- C:\Users\HP\Desktop\Glary Utilities.lnk
[2012-07-03 10:33:08 | 001,105,049 | ---- | C] () -- C:\Users\HP\Desktop\01_Konzept-FINAL-PDF_Projektvorstellung.pdf
[2012-07-02 10:20:00 | 000,009,599 | ---- | C] () -- C:\Users\HP\Desktop\Logo SRU deutsch_farbe.pdf
[2012-06-11 15:11:16 | 000,001,377 | ---- | C] () -- C:\Users\HP\Desktop\Wissen erzählen.lnk
[2012-03-16 21:40:30 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012-03-16 21:40:30 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011-10-05 14:18:42 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011-10-05 14:07:33 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011-10-03 17:37:34 | 000,417,792 | ---- | C] () -- C:\Windows\SysWow64\MFPBot.dll
[2011-10-03 17:37:33 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\InstallMFPPS.dll
[2011-10-03 17:37:32 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\Install98MFPPS.dll
[2011-10-03 17:37:31 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ddschk.dll
[2011-10-03 17:37:31 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2011-09-07 11:39:06 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2011-08-22 11:38:32 | 000,007,607 | ---- | C] () -- C:\Users\HP\AppData\Local\resmon.resmoncfg
[2011-08-03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-05-19 08:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
[2011-05-19 08:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
[2011-05-16 20:11:54 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011-05-16 20:11:54 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011-03-29 09:24:16 | 000,001,854 | ---- | C] () -- C:\Users\HP\AppData\Roaming\GhostObjGAFix.xml
[2011-02-15 12:30:06 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-02-15 12:06:15 | 000,001,789 | ---- | C] () -- C:\Users\HP\Default.atp
[2011-02-15 12:06:15 | 000,000,281 | ---- | C] () -- C:\Users\HP\HP.properties
[2011-02-15 11:52:35 | 001,562,722 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-02-14 16:57:18 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2011-01-28 14:45:20 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011-01-26 14:35:48 | 000,000,600 | ---- | C] () -- C:\Users\HP\winscp.RND
[2011-01-26 11:53:55 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2011-01-26 11:53:55 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2011-01-26 11:53:49 | 001,090,560 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2011-01-26 11:53:49 | 000,398,336 | ---- | C] () -- C:\Program Files (x86)\Rar.exe
[2011-01-26 11:53:49 | 000,302,191 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2011-01-26 11:53:49 | 000,262,656 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2011-01-26 11:53:49 | 000,166,400 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2011-01-26 11:53:49 | 000,141,824 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2011-01-26 11:53:49 | 000,130,560 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe
[2011-01-26 11:53:49 | 000,123,832 | ---- | C] () -- C:\Program Files (x86)\Default64.SFX
[2011-01-26 11:53:49 | 000,094,648 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2011-01-26 11:53:49 | 000,094,183 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2011-01-26 11:53:49 | 000,093,184 | ---- | C] () -- C:\Program Files (x86)\Default.SFX
[2011-01-26 11:53:49 | 000,074,752 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2011-01-26 11:53:49 | 000,070,656 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2011-01-26 11:53:49 | 000,048,786 | ---- | C] () -- C:\Program Files (x86)\winrar.lng
[2011-01-26 11:53:49 | 000,019,021 | ---- | C] () -- C:\Program Files (x86)\rar.lng
[2011-01-26 11:53:49 | 000,003,986 | ---- | C] () -- C:\Program Files (x86)\uninstall.lng
[2011-01-26 11:53:49 | 000,003,978 | ---- | C] () -- C:\Program Files (x86)\Order.htm
[2011-01-26 11:53:49 | 000,001,754 | ---- | C] () -- C:\Program Files (x86)\rarext.lng
[2011-01-26 11:53:49 | 000,001,679 | ---- | C] () -- C:\Program Files (x86)\Descript.ion
[2011-01-26 11:53:49 | 000,001,255 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2011-01-26 11:53:49 | 000,000,718 | ---- | C] 
() -- C:\Program Files (x86)\Uninstall.lst
[2011-01-26 11:53:49 | 000,000,622 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz
[2011-01-25 20:50:49 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\optbuhe.dll
[2010-09-11 07:54:35 | 000,256,616 | ---- | C] () -- C:\Windows\nViewSetup.exe
[2010-09-11 07:49:06 | 000,255,360 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2010-09-11 07:49:06 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2010-09-11 07:49:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010-07-16 14:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign
[2010-07-16 14:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
[2010-07-16 14:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
[2010-07-15 16:01:46 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign

========== LOP Check ==========

[2012-07-06 12:14:48 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012-03-15 09:11:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

And finally, here is the OTL "Extra" log file:
OTL Extras logfile created on: 6-7-2012 12:28:26 - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\HP\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,52% Memory free
7,72 Gb Paging File | 5,99 Gb Available in Paging File | 77,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,95 Gb Total Space | 13,66 Gb Free Space | 9,05% Space Free | Partition Type: NTFS
Drive E: | 143,04 Gb Total Space | 73,44 Gb Free Space | 51,34% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,99 Gb Free Space | 99,69% Space Free | Partition Type: FAT32
Drive G: | 100,00 Mb Total Space | 71,56 Mb Free Space | 71,57% Space Free | Partition Type: NTFS

Computer Name: XXXXXXXXXXXXXXXXX | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE Fotobuch\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0358F1F4-9376-4D3D-BF5A-37F0F08CE44A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{09F66E71-B55B-4828-BE17-6F2B40990F1A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0D635516-ACF6-4B5E-98EB-7F55DD2F0260}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{125C498F-FA11-41DC-8F07-91EDA4CEF97B}" = lport=14135 | protocol=17 | dir=in | name=server application | "{1B29446C-01CD-4F73-80A3-CA7224F93DF8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{23231D53-4B9F-4043-ABE6-5C83EA61D4EC}" = lport=10243 | protocol=6 | dir=in | app=system | "{2BED3CA1-9E10-453D-AB43-9C46A6D8CC2C}" = lport=138 | protocol=17 | dir=in | app=system | "{2C42F5EC-13BA-4105-A3AC-B9EFAE4D7728}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2CA43336-28B5-473A-886C-C938D97A5573}" = lport=2869 | protocol=6 | dir=in | app=system | "{36511A13-D7CB-497A-8FF7-3ACE69AE6405}" = rport=137 | protocol=17 | dir=out | app=system | "{3B137980-06EA-4D4B-937C-3E453DDD047E}" = lport=137 | protocol=17 | dir=in | app=system | "{45F5E85F-03A6-4410-BBFA-E8DAEEB4FF37}" = lport=13878 | protocol=17 | dir=in | name=mfp manager | "{656E6D24-E592-411B-965E-5D0DD558E490}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6A5D2D1E-57DA-48D2-9F9E-6D92F1EC6115}" = lport=445 | protocol=6 | dir=in | app=system | "{7415EB16-B823-4E67-9CD6-865B7A24C47B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{83BB0F19-DC54-43CA-8B4D-2B46847C6278}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8519A530-98EE-4CD5-8DD4-7BA333918419}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{901FDFC7-0A73-4930-B8F9-5B4E4B6288DE}" = rport=445 | protocol=6 | dir=out | app=system | "{9677F6A7-FD79-4FE9-8443-53A28CFB9969}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9A62D024-38DE-4B1C-8401-D978CF99C4B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9D2AF015-A41C-48A9-9E2E-AD844451808D}" = lport=13364 | protocol=17 | dir=in | name=mfp server manager | "{A03BCEBB-D28A-4448-9DCF-68DD3A20C858}" = lport=14135 | protocol=6 | dir=in | name=server application | "{A10AD0F5-D168-426A-AEB3-33507EBB9978}" = lport=69 | protocol=17 | dir=in | name=mfp server manager tftp | 
"{B7E2E0A4-7303-4485-9B10-392CBAEA7481}" = lport=139 | protocol=6 | dir=in | app=system | "{BB1CC303-B231-4460-9ABC-952594DDA882}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C6A79644-D2DB-4AB1-BA17-4072CD52C25F}" = lport=13621 | protocol=17 | dir=in | name=mfp setup wizard | "{D6046558-D8FA-4AE1-AEC8-0A060D58007C}" = rport=10243 | protocol=6 | dir=out | app=system | "{E9E2978D-2F82-4D2A-9892-646A2E7A205A}" = rport=138 | protocol=17 | dir=out | app=system | "{EA9B9169-3523-41F3-A7D6-556E1CD60A0C}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00027CEF-019E-4CD5-BA43-E2688BAA982E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{01A363F9-D7FB-447D-9FAD-6A0C59C64A27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{10D55C79-965F-4473-8455-D34FB2871E80}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{1BB2E20E-15E2-4327-96E2-0010D801D15D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{21AB4E5F-E9AE-4384-86D9-C5AA370699C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{27ADDB7B-CEEF-4A9E-B1F6-0DB7429CAFAF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{28732924-92D5-44CD-A48C-CF015C6465F2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{41A59A4C-CD37-475D-AC38-232D2AAD78CD}" = protocol=17 | dir=in | app=c:\program files (x86)\mfp server utilities\mfpagent.exe | "{47F1B390-8081-4C58-8222-3B2C8195A32B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C3B6547-AABD-4583-81C3-264049417557}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DC185E3-2AD2-4E24-A63E-9B5D58A382D4}" = protocol=6 | dir=in | app=c:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe | "{51B9DCE9-1204-4F16-9854-EB3F7D394989}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{529BE60B-49DC-4175-A578-1E0788E4DB44}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{67934BA7-400A-46AD-9A74-956BFD84F68E}" = protocol=17 | dir=in | app=c:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe | "{6A1C9C31-B276-45D7-AF61-C43EF9D222CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7A44DC67-F4F2-47DE-BFD9-9B43FCA6089B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{819A6AE5-E813-4839-AB0C-8056DEE57072}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{8475DF2B-BF63-4E1B-A73F-FE8E5C83F862}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{94115C44-DE77-407A-929D-837A47405F73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9E0E4E09-49F6-42BA-B6CB-B8298FB8885A}" = protocol=6 | dir=out | app=system | "{A3F083FA-48CE-4E6D-AC89-69768AEF08F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A6161EE3-A6C3-4FA3-85F3-9ED8EB02BA31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A79B92EA-8009-4488-A803-7EDBD37DF650}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{A98691A7-4BFC-4192-A1E0-7B16C34DDCEC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B5DD3D43-2191-4063-AD92-D1EF2BBC95B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D867E860-DBCF-4FA0-ADEB-7C5FF9BBC7B0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DDAE64D4-F581-44E8-BF1C-3681E8488160}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DE1D5209-0C0A-4231-9B07-64B4ACC268FA}" = protocol=17 | dir=out | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DFC4FE28-F970-48D5-B966-CA0D27449A9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E9CFA185-132B-415A-B52D-540547C20BC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ED9C2D7B-5CED-4D7F-9BE4-B9A0CC2FC74D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EF071909-CF2E-45C7-B99D-ADE744F6C339}" = protocol=6 | dir=in | app=c:\program files (x86)\mfp server utilities\mfpagent.exe | "TCP Query User{00D9245C-F275-4E9C-B921-576B290DF675}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{2DA05B88-8347-4E48-9D54-3B0465C6A8EC}C:\program files\lacie\network assistant\lacie network assistant.exe" = protocol=6 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe | "TCP Query User{5E1CB298-811D-4E69-B10D-5995AE5D587E}C:\program files\lacie\network assistant\lacie network assistant.exe" = protocol=6 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe | "TCP Query User{608F11FA-E894-469B-ABD9-5587CF7EC00B}C:\program files (x86)\avid\metasync\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\avid\metasync\jre\bin\java.exe | "TCP Query User{63781F17-3DD9-4FB3-83E1-8EF21C23DE8A}C:\program files (x86)\mfp server utilities\mfpagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mfp server utilities\mfpagent.exe | "TCP Query User{83F73032-CFCA-44C6-A218-535CC8D0DE92}C:\program files (x86)\avid\avid media composer\avidbinindexer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\avid\avid media composer\avidbinindexer.exe | "TCP Query User{AC55C262-9615-49BC-A478-1D6133789423}C:\program files (x86)\avid\avid media composer\avidbinindexer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\avid\avid media 
composer\avidbinindexer.exe | "UDP Query User{64194503-864B-4FF1-BD13-6C2DF346C97A}C:\program files (x86)\avid\avid media composer\avidbinindexer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\avid\avid media composer\avidbinindexer.exe | "UDP Query User{6634B6AF-E90C-4CB3-BC54-167072714B0E}C:\program files (x86)\mfp server utilities\mfpagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mfp server utilities\mfpagent.exe | "UDP Query User{6F3FEC00-9D9A-430C-A1B6-938AD4F4E0A4}C:\program files (x86)\avid\avid media composer\avidbinindexer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\avid\avid media composer\avidbinindexer.exe | "UDP Query User{748BA452-6BB0-4E92-BA9F-92E7AA9B05E5}C:\program files\lacie\network assistant\lacie network assistant.exe" = protocol=17 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe | "UDP Query User{7F724844-A350-4B26-944B-643E05E8DC67}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{994C75CD-585C-42FA-8C19-4B7E902B99AF}C:\program files (x86)\avid\metasync\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\avid\metasync\jre\bin\java.exe | "UDP Query User{A4B9F482-AB6C-4362-9997-B4ECC1809639}C:\program files\lacie\network assistant\lacie network assistant.exe" = protocol=17 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{09A06482-FAF9-4DC5-9EC7-D340B394E22A}" = HP Power Assistant "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers 
"{142C1F50-9C90-4C53-8BEB-B69F586392A8}" = HP Power Data "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64 "{32394B71-1E8E-4233-8958-B84F4CDC8F4D}" = Privacy Manager for HP ProtectTools "{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{544A04F6-28FD-4C24-A34D-FC2B89222505}" = Embedded Security for HP ProtectTools "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools "{6AF618BF-C95B-4049-B7B4-1388469F1E0C}" = HP Wireless Assistant "{75126DE9-C8EC-46B2-949F-EFA770AAFD9B}" = HP ProtectTools Security Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64 "{8F258628-2E18-4C2E-8127-EF4EFAF5F75C}" = HP 3D DriveGuard "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{ABCB696E-2494-48FC-826D-0666CEE460DB}" = Drive Encryption for HP ProtectTools "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1" = LaCie Network Assistant 1.5.7.63 "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}" = Validity Fingerprint Driver "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F4477CC0-7293-414A-93BC-20EE897A80F0}" = Java Card Security for HP ProtectTools "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) 
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) "CCleaner" = CCleaner "HPProtectTools" = HP ProtectTools Security Manager "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "PROSet" = Intel(R) Network Connections Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{26D317F9-B72D-42AA-B76A-F8CBEC350D99}" = Windows 7 Default Setting "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD "{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}" = Avid DVD by Sonic "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver "{3FD7540B-F30D-4F62-9B85-6B66E9BEA0D8}" = Avid EDL Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = 
VC80CRTRedist - 8.0.50727.4053 "{616AF9E4-0B24-4108-9EDF-8FF0B0E79747}" = Avid FilmScribe "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools "{6D7D94E8-7B49-400C-843E-C1E7C3396893}" = Avid Media Composer "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0 "{718B55A5-1C84-4348-A629-4BA271FB3E17}" = Avid MediaLog "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{94AEAB3C-36E5-4CB7-BEE3-2B7C3C78E9E6}" = MFP Server Utilities "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A6365256-0FBA-4DCD-88CE-D92A4DC9328E}" = HP ESU for Microsoft Windows 7 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D26F7C78-E2D7-49AB-8E64-53CB8AE99074}" = XDCAM EX Clip Browser "{D2D8328B-F031-4F69-8621-250701844E9A}" = SxS device driver "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver 
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver "{FB43BFA5-088E-49B4-95EC-7E3F42B60D6D}" = MetaSync "{FDD2E1AE-5150-4CB9-A4D8-4C03ECF88E43}" = Avid Log Exchange "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "32fsu32_is1" = File Scavenger 3.2 (English) "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "adawaretb" = Ad-Aware Security Toolbar "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12 "ARAX Disk Doctor Data Recovery" = ARAX Disk Doctor Data Recovery "Avira AntiVir Desktop" = Avira Free Antivirus "Babylon" = Babylon "Buchführungshelfer" = Buchführungshelfer "Drive Encryption" = Drive Encryption for HP ProtectTools "DVD Decrypter" = DVD Decrypter (Remove Only) "ffdshow_is1" = ffdshow [rev 2033] [2008-07-05] "FLV Player" = FLV Player 2.0 (build 25) "Glary Utilities_is1" = Glary Utilities 2.46.0.1518 "InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Mozilla 
Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PcCloneEX" = PcCloneEX "VLC media player" = VLC media player 1.1.7 "winscp3_is1" = WinSCP 3.8.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "MLQTSource" = MediaLooks QuickTime Source 1.7.2.2 (DirectShow Filter) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30-11-2011 13:29:52 | Computer Name = XXXXXXXXXXXXXXXX | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: startup.exe, Version: 2.39.0.1310, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0x4c4 Startzeit der fehlerhaften Anwendung: 0x01ccaf85a887d982 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Glary Utilities\startup.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: e903e245-1b78-11e1-b3c6-705ab6b52ef3 Error - 30-11-2011 13:29:55 | Computer Name = XXXXXXXXXXXXXXXX | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: startup.exe, Version: 2.39.0.1310, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00032581 ID des fehlerhaften Prozesses: 0x4c4 Startzeit der fehlerhaften Anwendung: 0x01ccaf85a887d982 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Glary Utilities\startup.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ead0b9c4-1b78-11e1-b3c6-705ab6b52ef3 Error - 30-11-2011 16:59:32 | Computer Name = XXXXXXXXXXXXXXXX | Source = ESENT | ID = 455 
Description = Windows (4328) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000F6.log. Error - 30-11-2011 16:59:32 | Computer Name = XXXXXXXXXXXXXXXX | Source = Windows Search Service | ID = 9000 Description = Error - 30-11-2011 16:59:32 | Computer Name = XXXXXXXXXXXXXXXX | Source = Windows Search Service | ID = 7040 Description = Error - 30-11-2011 16:59:32 | Computer Name = XXXXXXXXXXXXXXXX | Source = Windows Search Service | ID = 7042 Description = Error - 30-11-2011 16:59:32 | Computer Name = XXXXXXXXXXXXXXXX | Source = Windows Search Service | ID = 9002 Description = Error - 30-11-2011 16:59:32 | Computer Name = XXXXXXXXXXXXXXXX | Source = Windows Search Service | ID = 3029 Description = Error - 30-11-2011 16:59:34 | Computer Name = XXXXXXXXXXXXXXXX | Source = Windows Search Service | ID = 3029 Description = Error - 30-11-2011 16:59:34 | Computer Name = XXXXXXXXXXXXXXXX | Source = Windows Search Service | ID = 3028 Description = Error - 30-11-2011 16:59:34 | Computer Name = XXXXXXXXXXXXXXXX | Source = Windows Search Service | ID = 3058 Description = Error - 30-11-2011 16:59:34 | Computer Name = XXXXXXXXXXXXXXXX | Source = Windows Search Service | ID = 7010 Description = Error - 15-12-2011 6:33:41 | Computer Name = XXXXXXXXXXXXXXXX | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WinSCP3.exe, Version: 3.8.1.328, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000096 Fehleroffset: 0x02f9872e ID des fehlerhaften Prozesses: 0x1154 Startzeit der fehlerhaften Anwendung: 0x01ccbb132725abe5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\WinSCP3\WinSCP3.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 40f2ceda-2708-11e1-856f-705ab6b52ef3 Error - 15-12-2011 6:33:41 | Computer Name = XXXXXXXXXXXXXXXX | Source = Application Error | ID = 1005 Description = Aus einem der 
folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Windows SFTP/SCP client wurde wegen dieses Fehlers geschlossen. Programm: Windows SFTP/SCP client Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. 
Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 [ Hewlett-Packard Events ] Error - 29-9-2011 6:17:47 | Computer Name = XXXXXXXXXXXXXXXX | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091129121745.xml File not created by asset agent Error - 3-11-2011 10:28:02 | Computer Name = XXXXXXXXXXXXXXXX | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/9f9a95c8_2493_46c9_84f0_bdd7a4f1b9c9/4vuqezsjw2hulkdse96at+vq_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3953 Ram Utilization: 70 TargetSite: Void UpdateDetail(System.String) Error - 20-1-2012 4:58:16 | Computer Name = XXXXXXXXXXXXXXXX | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/18cb06b2_3368_4a99_84ce_f52441dd1793/db2pmdv1fcltj6cioyfr4boo_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3953 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String) Error - 27-1-2012 4:44:33 | Computer Name = XXXXXXXXXXXXXXXX | Source = hpsa_service.exe | ID = 2000 Description = Error - 22-3-2012 9:01:22 | Computer Name = XXXXXXXXXXXXXXXX | Source = HPSF.exe | ID = 4000 Description = Error - 22-3-2012 9:05:03 | Computer Name = XXXXXXXXXXXXXXXX | Source = HPSF.exe | ID = 4000 Description = Error - 22-3-2012 9:06:59 | Computer Name = XXXXXXXXXXXXXXXX | Source = HPSF.exe | ID = 4000 Description = Error - 22-3-2012 9:07:19 | Computer Name = XXXXXXXXXXXXXXXX | Source = HPSF.exe | ID = 4000 Description = Error - 29-4-2012 6:57:16 | Computer Name = XXXXXXXXXXXXXXXX | Source = HPSF.exe | ID = 4000 Description = Error - 29-5-2012 8:23:34 | Computer Name = XXXXXXXXXXXXXXXX | Source = HPSF.exe | ID = 4000 Description = [ HP Power Assistant Events ] Error - 4-7-2012 10:30:54 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP PA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 4-7-2012 10:30:54 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP PA 
Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 4-7-2012 10:52:32 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP PA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 4-7-2012 10:52:32 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP PA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 4-7-2012 10:52:36 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP PA Application | ID = 0 Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not found in the dat file. Error - 4-7-2012 10:52:37 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP PA Application | ID = 0 Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC). Error - 4-7-2012 10:52:37 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP PA Application | ID = 0 Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from the power usage node (planName=HP powerSource=AC). 
bei HPPA_Main.DatFileAccess.LogError(Nullable`1 throwException, String formatString, Object[] args) bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage pu) bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound) bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound) Error - 4-7-2012 10:52:40 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP PA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 4-7-2012 10:52:40 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP PA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 4-7-2012 13:13:33 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP PA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() [ HP Software Framework Events ] Error - 6-7-2012 6:11:43 | Computer Name = XXXXXXXXXXXXXXXX | Source = CaslSmBios | ID = 5 Description = 2012.07.06 12:11:43.193|00000E3C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 6-7-2012 6:11:43 | Computer Name = XXXXXXXXXXXXXXXX | Source = CaslSmBios | ID = 5 Description = 2012.07.06 
12:11:43.349|00000E3C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 6-7-2012 6:11:43 | Computer Name = XXXXXXXXXXXXXXXX | Source = CaslSmBios | ID = 5 Description = 2012.07.06 12:11:43.365|00000E3C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 6-7-2012 6:11:43 | Computer Name = XXXXXXXXXXXXXXXX | Source = CaslSmBios | ID = 5 Description = 2012.07.06 12:11:43.396|00000E3C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 6-7-2012 6:11:43 | Computer Name = XXXXXXXXXXXXXXXX | Source = CaslSmBios | ID = 5 Description = 2012.07.06 12:11:43.427|00000E3C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 6-7-2012 6:11:43 | Computer Name = XXXXXXXXXXXXXXXX | Source = CaslSmBios | ID = 5 Description = 2012.07.06 12:11:43.459|00000E3C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 6-7-2012 6:11:43 | Computer Name = XXXXXXXXXXXXXXXX | Source = CaslSmBios | ID = 5 Description = 2012.07.06 12:11:43.474|00000E3C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 6-7-2012 6:11:43 | Computer Name = XXXXXXXXXXXXXXXX | Source = CaslSmBios | ID = 5 Description = 2012.07.06 12:11:43.505|00000E3C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 6-7-2012 6:15:41 | Computer Name = XXXXXXXXXXXXXXXX | Source = CaslWmi | ID = 5 Description = 
2012.07.06 12:15:41.787|000014AC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 6-7-2012 6:15:45 | Computer Name = XXXXXXXXXXXXXXXX | Source = CaslSmBios | ID = 5 Description = 2012.07.06 12:15:45.500|000014AC|Error |[CaslWmi]CommandPMC::B{hpCasl.enReturnCode(byte[]&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call PMC/02h while getting PMC Capabilities info [ HP Wireless Assistant Events ] Error - 5-7-2012 12:25:42 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 5-7-2012 12:25:42 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 5-7-2012 12:28:21 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 5-7-2012 12:28:21 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus 
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 5-7-2012 13:03:17 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 5-7-2012 13:36:40 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 5-7-2012 13:58:26 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 6-7-2012 4:13:39 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 6-7-2012 4:51:38 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei 
System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 6-7-2012 6:28:59 | Computer Name = XXXXXXXXXXXXXXXX | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() [ Media Center Events ] Error - 1-5-2011 3:46:11 | Computer Name = XXXXXXXXXXXXXXXX | Source = MCUpdate | ID = 0 Description = 09:46:11 - Fehler beim Herstellen der Internetverbindung. 09:46:11 - Serververbindung konnte nicht hergestellt werden.. Error - 1-5-2011 3:46:18 | Computer Name = XXXXXXXXXXXXXXXX | Source = MCUpdate | ID = 0 Description = 09:46:16 - Fehler beim Herstellen der Internetverbindung. 09:46:16 - Serververbindung konnte nicht hergestellt werden.. Error - 1-6-2011 3:32:07 | Computer Name = XXXXXXXXXXXXXXXX | Source = MCUpdate | ID = 0 Description = 09:32:07 - Fehler beim Herstellen der Internetverbindung. 09:32:07 - Serververbindung konnte nicht hergestellt werden.. Error - 12-6-2011 10:21:41 | Computer Name = XXXXXXXXXXXXXXXX | Source = MCUpdate | ID = 0 Description = 16:21:41 - Fehler beim Herstellen der Internetverbindung. 16:21:41 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 6-7-2012 3:25:22 | Computer Name = XXXXXXXXXXXXXXXX | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 6-7-2012 3:25:36 | Computer Name = XXXXXXXXXXXXXXXX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MFP Server Enhanced Controller" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 6-7-2012 3:25:48 | Computer Name = 8XXXXXXXXXXXXXXXX | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Aspi32 Lbd Error - 6-7-2012 3:59:39 | Computer Name = XXXXXXXXXXXXXXXX | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 6-7-2012 4:02:33 | Computer Name = XXXXXXXXXXXXXXXX | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 6-7-2012 4:02:45 | Computer Name = XXXXXXXXXXXXXXXX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MFP Server Enhanced Controller" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 6-7-2012 4:03:16 | Computer Name = XXXXXXXXXXXXXXXX | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Aspi32 Lbd Error - 6-7-2012 6:08:59 | Computer Name = XXXXXXXXXXXXXXXX | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 6-7-2012 6:09:07 | Computer Name = XXXXXXXXXXXXXXXX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MFP Server Enhanced Controller" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 6-7-2012 6:09:33 | Computer Name = XXXXXXXXXXXXXXXX | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Aspi32 Lbd < End of report >
THANKS for any further tips. Best regards, Franklin |
06.07.2012, 23:43 | #4 | |
/// Helper Team | C:\Users\HP\AppData\Local\Temp\0_0u_I.exe !!! "Bundestrojaner" ?!? Error message The program apparently got onto your PC in a non-legal way?!: Quote:
A PC contaminated by a keygen [key generator/keymaker], and any external data stored on USB sticks, external drives etc., should be formatted and set up from scratch, because through cracked or virus-infected software of whatever kind an attacker has successfully penetrated your system: -> *Technical compromise* The programs and files on offer contain every conceivable kind of malware, e.g. backdoors, rootkits etc., which can then take control of the PC and assume the administrator role. Because this `self-destructive behaviour` is `illegal`, i.e. violates the law, help from our side is not possible at all. For this reason we are forced to close the thread: -> I would like to point out that we do not want to provide assistance where keygens & cracks are used! :-> Forum rule: Cracks, keygens and other illegal software. So you can save yourself a lot of trouble and unnecessary wasted time by formatting your system, as well as the potentially contaminated external drive, USB stick etc., and reinstalling Windows (without cracks & keygens)! But at least after a reinstall you will have a clean system again, and hopefully you have learned something from this and in future will keep your hands off...
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
07.07.2012, 15:51 | #5 |
| C:\Users\HP\AppData\Local\Temp\0_0u_I.exe !!! "Bundestrojaner" ?!? Error message Hello Kira, I am very sorry about that - I found the file and deleted it. I bought the computer used on eBay and it has been used by several people; sometimes you just don't know everything that is on it. But I respect your principle and also find it understandable... Thank you very much for the effort anyway! It is a lesson for me in any case! Kind regards, Franklin |
08.07.2012, 07:10 | #6 | ||||
/// Helper Team | C:\Users\HP\AppData\Local\Temp\0_0u_I.exe !!! "Bundestrojaner" ?!? Error message Quote:
Tips & advice: ➊ Data backup: ► ONLY back up data that contains no executable files
- File extensions - This is a list of file extensions that can denote files containing executable code.
- Be careful about making a backup that combines the files already present in your externally stored data with files that are now infected by the virus
- Ideally back up everything that is very important to you separately (externally) - do not mix it with data that may have been backed up earlier, i.e. before the infection!
- Do not back up any cracked software and then install it again on the freshly set-up system!
- Before restoring - before you go online directly with your PC...:
- disable/switch off the autoplay function for all drives -> Switch off Autorun/Autoplay selectively for drive types or drive letters
Scan the data backed up to an external hard drive thoroughly from a clean system, ideally with several scanners -> Free online scanners - guide. Absolutely recommendable scanner: Quote:
➋ -> Guide: Setting up the system from scratch + hardening -> Guide to reinstalling - Windows XP, Vista and Win7 ➌ As a precaution I would advise you to change your passwords, e.g. login, mail or website passwords. Tips: Choosing a secure password - (you should really change them at regular intervals, roughly every 3-5 months); see also: Secure password. Reading material no. 1: Give criminal acts no chance! Quote:
** Common sense, and configuring Windows and Internet software securely, is the best way to security on the web!! Quote:
► Over time a lot of junk data can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us → Donation account. Regards, kira
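The backup rule from the last reply (copy only data, nothing executable, judged by file extension) can be checked before anything is copied to the external drive. The sketch below is an added example and not part of the thread or of any tool named in it; the extension set, the function names and the sample files are assumptions constructed for illustration, and it also flags the cases a pure extension check misses (a trailing dot, an MZ header behind a document name, executables inside a ZIP).

```python
import os
import tempfile
import zipfile

# Assumed, non-exhaustive set of Windows extensions that can carry executable
# code; the list the post links to is not reproduced on this page.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".dll", ".sys", ".msi",
    ".cpl", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".ps1", ".hta",
    ".jar", ".lnk", ".reg",
}


def effective_extension(name):
    """Extension Windows acts on: case-insensitive, trailing dots/spaces ignored."""
    return os.path.splitext(name.lower().rstrip(". "))[1]


def reject_reason(name, head):
    """Return why a file stays out of the backup, or None if it may be copied."""
    if name.lower() == "autorun.inf":
        return "autorun.inf (autoplay trigger)"
    ext = effective_extension(name)
    if ext in EXECUTABLE_EXTENSIONS:
        return "executable extension " + ext
    if head[:2] == b"MZ":
        return "MZ header behind a data extension"
    return None


def archive_reject_reason(path):
    """Look inside ZIP containers (including .docx etc.) for executable members."""
    try:
        with zipfile.ZipFile(path) as zf:
            for member in zf.namelist():
                if effective_extension(member) in EXECUTABLE_EXTENSIONS:
                    return "archive contains " + member
    except zipfile.BadZipFile:
        return "unreadable archive"
    return None


def plan_backup(root):
    """Split the files under root into (to_copy, rejected); nothing is copied."""
    to_copy, rejected = [], {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                head = fh.read(2)
            reason = reject_reason(name, head)
            if reason is None and zipfile.is_zipfile(path):
                reason = archive_reject_reason(path)
            if reason:
                rejected[rel] = reason
            else:
                to_copy.append(rel)
    return sorted(to_copy), rejected


def build_sample_tree(root):
    """Constructed sample data standing in for a user profile to be backed up."""
    samples = {
        "photos/holiday.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
        "docs/letter.txt": b"constructed text file",
        "docs/invoice.pdf.exe": b"MZ constructed stub",
        "docs/report.doc": b"MZ constructed stub with a document name",
        "docs/tool.EXE.": b"constructed, trailing dot hides the extension",
        "autorun.inf": b"[autorun]\r\nopen=constructed.exe\r\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    for rel, member in (("zips/bundle.zip", "setup.exe"), ("zips/notes.zip", "notes.txt")):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            zf.writestr(member, "constructed member")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(plan_backup(tmp))
```

A file that passes this filter is only a candidate for the backup; the post's advice to scan the backed-up data from a clean system still applies.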