Log analysis and evaluation: UKASH/ Hellomoto Trojan (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.09.2012, 12:05 | #1
UKASH/ Hellomoto Trojan

ahoihoi, an acquaintance of mine has caught the wonderful HelloMoto. I could use your help.

OTL.txt Code:
ATTFilter OTL logfile created on: 9/3/2012 12:42:56 PM - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\christianwinkler\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 59.98% Memory free 7.59 Gb Paging File | 6.08 Gb Available in Paging File | 80.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 280.79 Gb Total Space | 174.81 Gb Free Space | 62.25% Space Free | Partition Type: NTFS Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.63% Space Free | Partition Type: FAT32 Drive L: | 136.46 Gb Total Space | 4.90 Gb Free Space | 3.59% Space Free | Partition Type: NTFS Drive O: | 5536.14 Gb Total Space | 4145.47 Gb Free Space | 74.88% Space Free | Partition Type: NTFS Drive P: | 136.46 Gb Total Space | 4.90 Gb Free Space | 3.59% Space Free | Partition Type: NTFS Drive S: | 136.46 Gb Total Space | 4.90 Gb Free Space | 3.59% Space Free | Partition Type: NTFS Drive T: | 5536.14 Gb Total Space | 4145.47 Gb Free Space | 74.88% Space Free | Partition Type: NTFS Drive U: | 5536.14 Gb Total Space | 4145.47 Gb Free Space | 74.88% Space Free | Partition Type: NTFS Drive Z: | 136.46 Gb Total Space | 4.90 Gb Free Space | 3.59% Space Free | Partition Type: NTFS Computer Name: HH-HP-NB1 | User Name: christianwinkler | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/03 12:42:43 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\christianwinkler\Desktop\OTL.exe PRC - [2010/03/31 01:04:46 | 000,629,000 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012/09/03 10:25:20 | 000,108,392 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV:64bit: - [2010/06/14 14:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService) SRV:64bit: - [2010/04/05 20:15:22 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2010/04/05 20:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010/03/31 01:04:50 | 000,462,088 | ---- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2010/03/17 14:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/02/19 00:52:30 | 002,045,232 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2010/02/02 02:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV:64bit: - [2010/02/02 02:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge) SRV:64bit: - [2009/12/30 00:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/07/08 21:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2009/06/04 01:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Stopped] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore) SRV:64bit: - [2009/03/03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters) SRV - [2012/09/03 10:54:02 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) 
[Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011/12/12 12:55:14 | 000,701,376 | ---- | M] (SolarWinds) [Auto | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs) SRV - [2011/12/12 12:54:44 | 000,120,768 | ---- | M] (SolarWinds) [Auto | Stopped] -- C:\Windows\SysWOW64\DNTUS26.EXE -- (DNTUS26) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/03/21 18:05:18 | 000,293,944 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2011/02/08 15:10:28 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2011/02/01 01:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2010/07/08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService) SRV - [2010/03/22 11:38:02 | 000,703,080 | ---- | M] (Fortinet Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/17 14:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) 
[Auto | Stopped] -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe -- (STacSV) SRV - [2010/03/17 02:37:08 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2010/03/04 01:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/03/04 01:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/02/19 00:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2010/01/19 20:17:10 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2010/01/08 23:55:54 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009/12/07 20:36:10 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK) SRV - [2009/11/23 20:08:10 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009/10/16 15:29:20 | 001,941,128 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten) SRV - [2009/10/16 15:26:56 | 001,937,712 | ---- | M] (Trend Micro Inc.) 
[Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan) SRV - [2009/07/15 17:39:26 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw) SRV - [2009/07/15 17:36:48 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/09/03 12:33:43 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36) DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2011/10/27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2011/10/27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2011/10/27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011/10/27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011/10/27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011/09/16 14:44:23 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2011/09/16 14:44:23 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2011/09/16 14:44:22 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2011/09/16 14:44:22 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/22 14:45:24 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011/01/22 14:30:30 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2011/01/22 14:30:30 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2011/01/22 14:30:30 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - 
[2010/09/12 22:31:45 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/04/21 21:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/03/17 14:48:42 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/02/16 21:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2010/02/03 16:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/02/02 02:11:36 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock) DRV:64bit: - [2010/02/02 02:11:34 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock) DRV:64bit: - [2010/02/02 02:11:32 | 000,056,648 | ---- | M] (McAfee, Inc.) 
[Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot) DRV:64bit: - [2010/02/01 21:12:14 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2010/01/19 01:34:18 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/01/07 20:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010/01/07 20:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010/01/07 20:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010/01/07 20:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/01/07 19:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2010/01/04 19:03:46 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp) DRV:64bit: - [2010/01/04 19:03:46 | 000,201,232 | ---- | M] (Trend Micro Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf) DRV:64bit: - [2009/12/12 00:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2009/12/01 19:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009/10/29 03:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2009/10/27 00:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2009/10/21 22:37:52 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv) DRV:64bit: - [2009/09/17 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/21 18:53:06 | 000,042,528 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop) DRV:64bit: - [2009/07/15 17:37:36 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/07/09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/07/08 21:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2009/07/08 21:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 
| ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 20:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg) DRV:64bit: - [2008/03/14 17:00:00 | 000,005,632 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DamewareMini.sys -- (DwMirror) DRV:64bit: - [2007/02/15 19:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd) DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf) DRV - [2011/07/12 10:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter) DRV - [2011/07/12 10:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys -- (TmPreFilter) DRV - [2011/07/12 10:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys -- (VSApiNt) DRV - [2011/04/26 14:35:50 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\massfilter.sys -- (massfilter) DRV - [2010/02/02 02:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) 
[Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg) DRV - [2010/02/02 02:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2010/02/02 02:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock) DRV - [2010/02/02 02:11:22 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2009/09/10 14:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006/05/07 08:30:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\sentinel.sys -- (Sentinel) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} IE:64bit: - HKLM\..\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\..\SearchScopes,DefaultScope = {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D} IE - 
HKLM\..\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\..\SearchScopes,DefaultScope = {ABD08224-52BE-45C2-893C-654FB7CECD59} IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\..\SearchScopes\{17C43A11-19FC-4D0D-80F7-520D4E952BC4}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\..\SearchScopes\{ABD08224-52BE-45C2-893C-654FB7CECD59}: "URL" = hxxp://www.google.at/search?q={searchTerms} IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.) FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/12 22:05:33 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [OfficeScanNT Monitor] -HideWindow File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [xmllite] C:\Users\christianwinkler\AppData\Local\Microsoft\Windows\302\xmllite.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) 
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1214440339-1935655697-839522115-2641..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe () O4 - HKU\S-1-5-21-1214440339-1935655697-839522115-2641..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-1214440339-1935655697-839522115-2641..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave 
ActiveX Control) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1297159332119 (MUCatalogWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {C2CE96C6-0732-4A48-BA35-6060526BA7A2} hxxp://hh-pr-hpplot4000ps.heiz-hofst.local/hp/device/webAccess/multipleFileUpload.cab (HP Multiple File Upload Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = heiz-hofst.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{461255F4-7739-4DFE-9FF7-2D104AADEA40}: DhcpNameServer = 192.168.10.11 192.168.10.6 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56D09BED-0E6A-4FA8-B47E-B409E24E3BEA}: DhcpNameServer = 192.168.43.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/09/23 10:37:59 | 000,000,000 | ---D | M] - S:\AutoCAD 2007 SP2 -- [ NTFS ] O32 - AutoRun File - [2010/10/14 07:05:03 | 004,997,120 | ---- | M] (Autodesk, Inc.) 
- S:\autocad_mep_2008_oe0.exe -- [ NTFS ] O32 - AutoRun File - [2012/05/10 01:08:54 | 000,000,000 | ---D | M] - U:\autocad14 -- [ NTFS ] O33 - MountPoints2\{046ad225-6fdc-11e0-91d8-6431507cff55}\Shell - "" = AutoRun O33 - MountPoints2\{046ad225-6fdc-11e0-91d8-6431507cff55}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{1fa3e942-e061-11e0-b9c4-ac8112345e55}\Shell - "" = AutoRun O33 - MountPoints2\{1fa3e942-e061-11e0-b9c4-ac8112345e55}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{88dbea73-65f7-11e0-8a8c-ac8112345e55}\Shell - "" = AutoRun O33 - MountPoints2\{88dbea73-65f7-11e0-8a8c-ac8112345e55}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{9c97d8c7-4a10-11e0-a19c-6431507cff55}\Shell - "" = AutoRun O33 - MountPoints2\{9c97d8c7-4a10-11e0-a19c-6431507cff55}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{9c97d8cb-4a10-11e0-a19c-6431507cff55}\Shell - "" = AutoRun O33 - MountPoints2\{9c97d8cb-4a10-11e0-a19c-6431507cff55}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{b11c3ed7-2623-11e0-85f2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b11c3ed7-2623-11e0-85f2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{b19a9370-33a6-11e0-8dbf-ac8112345e55}\Shell - "" = AutoRun O33 - MountPoints2\{b19a9370-33a6-11e0-8dbf-ac8112345e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{b19a9383-33a6-11e0-8dbf-ac8112345e55}\Shell - "" = AutoRun O33 - MountPoints2\{b19a9383-33a6-11e0-8dbf-ac8112345e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{b19a9392-33a6-11e0-8dbf-ac8112345e55}\Shell - "" = AutoRun O33 - MountPoints2\{b19a9392-33a6-11e0-8dbf-ac8112345e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{b19a93a3-33a6-11e0-8dbf-ac8112345e55}\Shell - "" = AutoRun O33 - MountPoints2\{b19a93a3-33a6-11e0-8dbf-ac8112345e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - 
MountPoints2\{b19a93a6-33a6-11e0-8dbf-ac8112345e55}\Shell - "" = AutoRun O33 - MountPoints2\{b19a93a6-33a6-11e0-8dbf-ac8112345e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/09/03 12:42:42 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\christianwinkler\Desktop\OTL.exe [2012/09/03 12:10:59 | 000,000,000 | ---D | C] -- C:\Users\christianwinkler\Desktop\ccc [2012/09/03 12:10:15 | 000,000,000 | ---D | C] -- C:\Users\christianwinkler\AppData\Roaming\hellomoto [2012/09/03 11:28:20 | 000,120,768 | ---- | C] (SolarWinds) -- C:\windows\SysWow64\DNTUS26.EXE [2012/09/03 10:53:59 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/09/03 10:53:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed [2012/09/03 10:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro [2012/09/03 10:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012/09/03 10:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012/08/09 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\christianwinkler\Desktop\Gumpendorferstr. 
6, 1060 Wien [11 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/03 12:43:44 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\christianwinkler\Desktop\OTL.exe [2012/09/03 12:39:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/09/03 12:39:30 | 4076,265,472 | -HS- | M] () -- C:\hiberfil.sys [2012/09/03 12:33:43 | 000,030,496 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro36.sys [2012/09/03 12:15:39 | 001,219,266 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/09/03 12:15:39 | 000,812,586 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/09/03 12:15:39 | 000,319,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/09/03 12:15:39 | 000,275,984 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/09/03 12:15:39 | 000,006,756 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/09/03 12:14:57 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/03 12:14:57 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/03 11:10:57 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/09/03 10:53:59 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/09/03 10:53:59 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/09/03 10:35:28 | 000,000,425 | ---- | M] () -- C:\windows\BRWMARK.INI [2012/09/03 10:35:28 | 000,000,027 | ---- | M] () -- C:\windows\BRPP2KA.INI [2012/09/03 10:33:15 | 000,000,376 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForchristianwinkler.job [2012/09/03 10:25:20 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2012/09/03 06:28:53 | 000,016,014 | ---- | M] () -- 
C:\windows\cfgall.ini [2012/08/09 07:13:25 | 000,001,854 | ---- | M] () -- C:\Users\christianwinkler\AppData\Roaming\GhostObjGAFix.xml [11 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/03 12:33:43 | 000,030,496 | ---- | C] () -- C:\windows\SysNative\drivers\hitmanpro36.sys [2012/09/03 10:54:04 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/09/03 10:25:20 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2012/05/11 09:56:09 | 000,000,117 | ---- | C] () -- C:\windows\SysWow64\DWRCCMDError.ini [2012/04/12 08:25:37 | 000,000,335 | ---- | C] () -- C:\windows\Brpfx04a.ini [2012/04/12 08:25:37 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini [2012/04/12 08:24:26 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\BrMuSNMP.dll [2012/04/12 08:24:23 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini [2012/04/12 08:24:23 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat [2012/04/12 07:59:18 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI [2012/04/12 07:59:18 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI [2011/12/05 19:50:22 | 000,000,419 | ---- | C] () -- C:\Users\christianwinkler\AppData\Local\Temp_tmp_.xml [2011/12/05 18:54:06 | 000,000,089 | ---- | C] () -- C:\windows\SysWow64\MSBII.dll [2011/12/05 18:47:12 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\WKAuxil.dll [2011/12/05 18:47:11 | 000,338,944 | ---- | C] () -- C:\windows\SysWow64\lffpx7.dll [2011/12/05 18:47:11 | 000,118,784 | ---- | C] () -- C:\windows\SysWow64\lfkodak.dll [2011/12/05 18:47:04 | 003,782,416 | ---- | C] () -- C:\windows\SysWow64\mso97.dll [2011/11/03 14:07:07 | 000,005,632 | ---- | C] () -- C:\Users\christianwinkler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- 
C:\windows\SysWow64\cis-2.4.dll [2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2011/04/12 11:30:01 | 000,001,854 | ---- | C] () -- C:\Users\christianwinkler\AppData\Roaming\GhostObjGAFix.xml [2011/02/08 12:38:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI [2011/02/07 15:25:36 | 000,016,014 | ---- | C] () -- C:\windows\cfgall.ini [2011/02/07 13:21:29 | 000,000,459 | ---- | C] () -- C:\windows\hpntwksetup.ini [2011/02/07 13:04:55 | 001,636,060 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/02/07 12:31:11 | 000,003,254 | R--- | C] () -- C:\windows\SysWow64\hptcpmon.ini [2011/02/07 12:28:02 | 000,000,056 | ---- | C] () -- C:\windows\hpdj4000.ini [2011/02/07 11:30:38 | 000,001,473 | ---- | C] () -- C:\windows\ODBCINST.INI [2011/02/07 11:30:38 | 000,000,648 | ---- | C] () -- C:\windows\ODBC.INI [2011/02/07 11:30:02 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\implode.dll [2011/02/07 11:23:50 | 000,053,248 | ---- | C] () -- C:\windows\UninstSC.exe [2011/02/07 11:07:29 | 000,003,180 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/01/22 14:48:47 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll [2011/01/22 14:48:47 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe [2011/01/22 14:48:47 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2010/09/12 22:42:11 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdffdid.sys [2010/09/12 22:15:46 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini [2010/09/12 22:08:45 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini ========== LOP Check ========== [2011/02/07 10:39:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DigitalPersona [2011/02/07 12:13:25 | 000,000,000 | ---D | M] -- 
C:\Users\Administrator\AppData\Roaming\Autodesk [2011/02/07 11:10:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DigitalPersona [2011/02/07 11:21:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Plancal [2011/09/16 14:53:52 | 000,000,000 | ---D | M] -- C:\Users\christianwinkler\AppData\Roaming\3DataManager [2011/02/08 15:11:11 | 000,000,000 | ---D | M] -- C:\Users\christianwinkler\AppData\Roaming\Autodesk [2011/08/08 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\christianwinkler\AppData\Roaming\cadenas [2011/02/08 14:51:48 | 000,000,000 | ---D | M] -- C:\Users\christianwinkler\AppData\Roaming\DigitalPersona [2012/07/20 10:06:13 | 000,000,000 | ---D | M] -- C:\Users\christianwinkler\AppData\Roaming\FileZilla [2011/04/20 12:33:40 | 000,000,000 | ---D | M] -- C:\Users\christianwinkler\AppData\Roaming\PixelPlanet [2011/02/08 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\christianwinkler\AppData\Roaming\Plancal [2011/04/26 09:53:51 | 000,000,000 | ---D | M] -- C:\Users\christianwinkler\AppData\Roaming\Program Files (x86) [2011/10/19 09:54:15 | 000,000,000 | ---D | M] -- C:\Users\christianwinkler\AppData\Roaming\Samsung [2011/12/16 11:44:07 | 000,000,000 | ---D | M] -- C:\Users\christianwinkler\AppData\Roaming\Temp [2012/05/13 08:03:06 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 9/3/2012 12:42:56 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\christianwinkler\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.80 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 59.98% Memory free
7.59 Gb Paging File | 6.08 Gb Available in Paging File | 80.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 174.81 Gb Free Space | 62.25% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.63% Space Free | Partition Type: FAT32
Drive L: | 136.46 Gb Total Space | 4.90 Gb Free Space | 3.59% Space Free | Partition Type: NTFS
Drive O: | 5536.14 Gb Total Space | 4145.47 Gb Free Space | 74.88% Space Free | Partition Type: NTFS
Drive P: | 136.46 Gb Total Space | 4.90 Gb Free Space | 3.59% Space Free | Partition Type: NTFS
Drive S: | 136.46 Gb Total Space | 4.90 Gb Free Space | 3.59% Space Free | Partition Type: NTFS
Drive T: | 5536.14 Gb Total Space | 4145.47 Gb Free Space | 74.88% Space Free | Partition Type: NTFS
Drive U: | 5536.14 Gb Total Space | 4145.47 Gb Free Space | 74.88% Space Free | Partition Type: NTFS
Drive Z: | 136.46 Gb Total Space | 4.90 Gb Free Space | 3.59% Space Free | Partition Type: NTFS
Computer Name: HH-HP-NB1 | User Name: christianwinkler | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] "PolicyVersion" = 513 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] "PolicyVersion" = 513 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{300B9C59-5415-4D8A-ACC6-ED67414BB80C}" = lport=18169 | protocol=6 | dir=in | name=trend micro officescan listener | "{D4995011-52EA-4BA8-B58A-1CE312EB7CA0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{DEABC618-78A0-44AE-B862-F679C02236E4}" = 
lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E0994F8-E11F-435C-999C-F73B075B1F0F}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08y\faxrx.exe | "{26B56E5E-FC3D-4F73-9434-BF0FDDB70DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08y\faxrx.exe | "{73D26187-21EC-453D-A574-934900FC69B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9D9AA013-4CB5-4108-8441-EFE4574E24E9}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | "{A5CD99CF-4C3C-49B6-B85C-C88C19CDA697}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | "{CEC766A6-7D55-47AE-9370-037288AFC645}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F26A028C-66D5-4951-9D27-787C4577751E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01C3B202-DE77-4FC4-A5F4-E6F9E1A3C026}" = Plancal® nova 8.0 x64 "{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}" = Privacy Manager for HP ProtectTools "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard "{2A17A067-ABC7-4717-A563-F090DD88AB57}" = Plancal® nova 7.2 x64 "{34E6F14D-68F9-486D-87BA-6AA8431F3F44}" = Drive Encryption for HP ProtectTools "{3C33FD2E-6B21-4CD3-B41A-A7331D467617}" = HP Power Assistant "{42DBA167-C25D-49CE-BBAF-DEC25E737DA8}" = HP Power Data "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.4148 "{4F1D0580-8575-4055-B7C9-62F5CB4E6607}" = HP HotKey Support "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools "{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9D06DE3F-0B91-4E1F-B791-619A9D1B53EF}" = HP ProtectTools Security Manager "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6 "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile 
Phones "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}" = Validity Fingerprint Driver "{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook "{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F4477CC0-7293-414A-93BC-20EE897A80F0}" = Java Card Security for HP ProtectTools "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "HitmanPro36" = HitmanPro 3.6 "HPProtectTools" = HP ProtectTools Security Manager "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "PROSet" = Intel(R) Network Connections Drivers "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam 
"{1E9678A0-B4C1-11D2-863F-00C04F6E09F2}" = Microsoft Project 2000 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW "{2511D82C-2688-41C2-ABF8-AF237795989B}" = pdfforge Toolbar v6.2 "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26808792-37BC-4AE9-B002-D4A89CF7C5ED}" = SCwin_April201004-01 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD "{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver "{3A0FD0E8-7825-468D-8808-A5D63B11777B}" = HP Software Framework "{404C18ED-873A-4191-BA03-30F627445418}" = Sentinel Protection Installer 7.3.0 "{4054365C-8CD6-4F08-A2F9-44CADFD7A9D0}" = HP Documentation "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AFE14FB-90E6-4CAA-BF0E-57518E7F2A52}" = KlimaCR10 "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{5783F2D7-5001-0407-0002-0060B0CE6BBA}" = AutoCAD 2007 - Deutsch "{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting "{5F2F77D7-7428-4982-8FF3-0D6BA6624DA9}" = Accent EXCEL Password Recovery "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7382AEEF-D777-4925-A504-779D33B99771}" = SOLAR-COMPUTER-Software "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7861911B-4270-498A-8F7A-FCF0570F4877}" = HP QuickWeb "{80F09355-8F40-4856-B18F-AF4D6C14042F}" = HP ESU for Microsoft Windows 7 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.3.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A34DCE59-0004-0000-2082-3F8A9926B752}" = FortiClient SSL VPN v4.0.2082 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{BBB23E10-C670-11DD-90CD-278156D89593}" = HP Webregistrierung "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C87B7CC7-782B-438C-B1AD-9D3ECF746385}" = pit-CAD 2007 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D43BF72B-32DB-4FF2-A15E-07D7F8A95DB3}" = KlimaCR10 "{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "3DataManager" = 3DataManager "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe SVG 
Viewer" = Adobe SVG Viewer 3.0 "Autodesk DWF Viewer" = Autodesk DWF Viewer "Drive Encryption" = Drive Encryption for HP ProtectTools "GPL Ghostscript" = GPL Ghostscript "GPL Ghostscript 9.00" = GPL Ghostscript 9.00 "HP Designjet 4000 Series" = HP Designjet 4000 Printer Series "InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "Office14.SingleImage" = Microsoft Office Home and Business 2010 "OfficeScanNT" = Trend Micro OfficeScan Client "PDF Complete" = PDF Complete Special Edition "SOLAR-COMPUTER-Software" = SOLAR-COMPUTER-Software "TCM Planner 2011 3.1.0.1" = TCM Planner 2011 3.1.0.1 "WinKlima" = WinKlima ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1214440339-1935655697-839522115-2641\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "FileZilla Client" = FileZilla Client 3.5.3 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/3/2012 5:40:50 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 9/3/2012 5:40:50 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error - 9/3/2012 5:55:06 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\christianwinkler\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 9/3/2012 5:55:07 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\christianwinkler\Downloads\SoftonicDownloader_fuer_desktopmessage.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
Error - 9/3/2012 5:59:51 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = PerfNet | ID = 2004 Description = Error - 9/3/2012 5:59:52 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = PerfNet | ID = 2004 Description = Error - 9/3/2012 6:08:08 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = AdvisorDock | ID = 100 Description = Error - 9/3/2012 6:15:36 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 9/3/2012 6:15:36 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 9/3/2012 6:15:36 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
[ Hewlett-Packard Events ] Error - 7/19/2012 12:55:58 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071219065556.xml File not created by asset agent Error - 7/25/2012 3:43:16 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071225094314.xml File not created by asset agent Error - 7/25/2012 3:43:25 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071225094317.xml File not created by asset agent Error - 7/26/2012 1:23:20 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071226072311.xml File not created by asset agent Error - 7/26/2012 1:23:25 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071226072320.xml File not created by asset agent Error - 7/27/2012 12:58:33 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071227065830.xml File not created by asset agent Error - 7/27/2012 12:58:42 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071227065833.xml File not created by asset agent Error - 8/9/2012 1:13:21 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support 
Framework\Telemetry\081209071310.xml File not created by asset agent Error - 8/9/2012 1:13:24 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081209071321.xml File not created by asset agent Error - 9/3/2012 12:38:20 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091203063809.xml File not created by asset agent [ HP Power Assistant Events ] Error - 9/3/2012 12:30:00 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = HP PA Service | ID = 0 Description = System.NullReferenceException Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. bei HistoricalDataFile.DeviceStateTableFileManager.WriteToFile(ReadOnlyCollection`1 deviceStatesTable) bei HistoricalDataFile.StateChangeTableFileManager.WriteToFile(StateChange stateChange) bei HistoricalDataFile.StateChangeTableFileManager.WriteToFileIfDifferent(StateChange stateChange) bei HistoricalDataFile.HistoricalDataAccess.AddUnmonitoredOrErrorMeasurement(StateChange stateChange) bei HPPA_Service.HistoricalDataWriter.AddTheUnmonitoredConsumption(Nullable`1 oldS0Sample, Int32 s0SampleCount, Nullable`1 oldSxSample, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalFileManager.PrepareLog() Error - 9/3/2012 12:30:00 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = HP PA Service | ID = 0 Description = System.IO.IOException Der Prozess kann nicht auf die Datei "C:\ProgramData\Hewlett-Packard\HP Power Assistant\Historical Data\DeviceTable.his" zugreifen, da sie von einem anderen Prozess verwendet wird. 
bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) bei HistoricalDataFile.HDFileManager.OpenForAppend() bei HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices) bei HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalFileManager.PrepareLog() bei HPPA_Service.HistoricalFileManager.ClearCalibrationData() bei HPPA_Service.HPPA_Service.ServiceWorkerMethod() Error - 9/3/2012 5:24:06 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = HP PA Service | ID = 0 Description = System.InvalidOperationException Die Auflistung wurde geändert. Der Enumerationsvorgang kann möglicherweise nicht ausgeführt werden. 
bei System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource resource) bei System.Collections.Generic.List`1.Enumerator.MoveNextRare() bei System.Collections.Generic.List`1.Enumerator.MoveNext() bei HistoricalDataFile.HistoricalDataAccess.EnsureFilesExist() bei HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices) bei HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalFileManager.PrepareLog() Error - 9/3/2012 5:24:06 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = HP PA Service | ID = 0 Description = System.InvalidOperationException Die Auflistung wurde geändert. Der Enumerationsvorgang kann möglicherweise nicht ausgeführt werden. bei System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource resource) bei System.Collections.Generic.List`1.Enumerator.MoveNextRare() bei System.Collections.Generic.List`1.Enumerator.MoveNext() bei HistoricalDataFile.HistoricalDataAccess.EnsureFilesExist() bei HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices) bei HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalFileManager.PrepareLog() Error - 9/3/2012 5:24:06 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = HP PA Service | ID = 0 Description = System.InvalidOperationException Die Auflistung wurde geändert. Der Enumerationsvorgang kann möglicherweise nicht ausgeführt werden. 
bei System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource resource) bei System.Collections.Generic.List`1.Enumerator.MoveNextRare() bei System.Collections.Generic.List`1.Enumerator.MoveNext() bei HistoricalDataFile.HistoricalDataAccess.EnsureFilesExist() bei HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices) bei HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalFileManager.PrepareLog() bei HPPA_Service.HistoricalFileManager.OnPanelPowerChange(UInt32 milliwatts) bei HPPA_Service.HPPA_Service.UpdatePanelBrightness() Error - 9/3/2012 5:38:45 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = HP PA Service | ID = 0 Description = System.InvalidOperationException Die Auflistung wurde geändert. Der Enumerationsvorgang kann möglicherweise nicht ausgeführt werden. bei System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource resource) bei System.Collections.Generic.List`1.Enumerator.MoveNextRare() bei System.Collections.Generic.List`1.Enumerator.MoveNext() bei HistoricalDataFile.HistoricalDataAccess.EnsureFilesExist() bei HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices) bei HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalFileManager.PrepareLog() Error - 9/3/2012 5:38:45 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = HP PA Service | ID = 0 Description = System.InvalidOperationException Die Auflistung wurde geändert. Der Enumerationsvorgang kann möglicherweise nicht ausgeführt werden. 
bei System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource resource) bei System.Collections.Generic.List`1.Enumerator.MoveNextRare() bei System.Collections.Generic.List`1.Enumerator.MoveNext() bei HistoricalDataFile.HistoricalDataAccess.EnsureFilesExist() bei HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices) bei HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalFileManager.PrepareLog() Error - 9/3/2012 5:38:45 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = HP PA Service | ID = 0 Description = System.InvalidOperationException Die Auflistung wurde geändert. Der Enumerationsvorgang kann möglicherweise nicht ausgeführt werden. bei System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource resource) bei System.Collections.Generic.List`1.Enumerator.MoveNextRare() bei System.Collections.Generic.List`1.Enumerator.MoveNext() bei HistoricalDataFile.HistoricalDataAccess.EnsureFilesExist() bei HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices) bei HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalFileManager.PrepareLog() bei HPPA_Service.HistoricalFileManager.ClearCalibrationData() bei HPPA_Service.HPPA_Service.ServiceWorkerMethod() Error - 9/3/2012 6:09:56 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = HP PA Service | ID = 0 Description = System.IO.IOException Der Prozess kann nicht auf die Datei "C:\ProgramData\Hewlett-Packard\HP Power Assistant\Historical Data\DeviceTable.his" zugreifen, da sie von einem anderen Prozess verwendet wird. 
bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) bei HistoricalDataFile.HDFileManager.OpenForAppend() bei HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices) bei HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalFileManager.PrepareLog() Error - 9/3/2012 6:09:56 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = HP PA Service | ID = 0 Description = System.IO.IOException Der Prozess kann nicht auf die Datei "C:\ProgramData\Hewlett-Packard\HP Power Assistant\Historical Data\DeviceTable.his" zugreifen, da sie von einem anderen Prozess verwendet wird. 
bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) bei HistoricalDataFile.HDFileManager.OpenForAppend() bei HistoricalDataFile.HistoricalDataAccess.OpenForAppend(List`1 supportedDevices) bei HPPA_Service.HistoricalDataWriter..ctor(String hdaPath, CurrentConfiguration currentConfig, Nullable`1 oldS0Average, Int32 s0SampleCount, Nullable`1 oldSxAverage, Int32 sxSampleCount, Int64 sampleRate) bei HPPA_Service.HistoricalFileManager.PrepareLog() bei HPPA_Service.HistoricalFileManager.ClearCalibrationData() bei HPPA_Service.HPPA_Service.ServiceWorkerMethod() [ HP Wireless Assistant Events ] Error - 1/22/2011 8:35:52 AM | Computer Name = 3F1L2QJLRNSO6 | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 1/22/2011 8:35:52 AM | Computer Name = 3F1L2QJLRNSO6 | Source = HP WA Service | ID = 0 Description = System.Exception Register() failed : e_GENERAL_EXCEPTION at HP_Common.CaslWrapper.Register(EventArrivedEventHandler handler) at HPPA_Service.CurrentConfiguration..ctor() Error - 1/22/2011 8:35:55 AM | Computer Name = 3F1L2QJLRNSO6 | Source = HP WA Service | ID = 0 Description = System.Exception GetPMCCalibrationData() failed : 597 at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration) at HPPA_Service.HPPA_Service.ServiceWorkerMethod() [ Media Center Events ] Error - 6/4/2011 8:39:30 
AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = MCUpdate | ID = 0 Description = 14:39:30 - Fehler beim Herstellen der Internetverbindung. 14:39:30 - Serververbindung konnte nicht hergestellt werden.. Error - 6/4/2011 8:39:39 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = MCUpdate | ID = 0 Description = 14:39:36 - Fehler beim Herstellen der Internetverbindung. 14:39:36 - Serververbindung konnte nicht hergestellt werden.. Error - 6/4/2011 9:39:44 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = MCUpdate | ID = 0 Description = 15:39:44 - Fehler beim Herstellen der Internetverbindung. 15:39:44 - Serververbindung konnte nicht hergestellt werden.. Error - 6/4/2011 9:39:50 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = MCUpdate | ID = 0 Description = 15:39:49 - Fehler beim Herstellen der Internetverbindung. 15:39:49 - Serververbindung konnte nicht hergestellt werden.. Error - 6/4/2011 10:55:49 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = MCUpdate | ID = 0 Description = 16:55:49 - Fehler beim Herstellen der Internetverbindung. 16:55:49 - Serververbindung konnte nicht hergestellt werden.. Error - 6/4/2011 10:55:57 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = MCUpdate | ID = 0 Description = 16:55:55 - Fehler beim Herstellen der Internetverbindung. 16:55:55 - Serververbindung konnte nicht hergestellt werden.. Error - 6/4/2011 11:56:02 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = MCUpdate | ID = 0 Description = 17:56:02 - Fehler beim Herstellen der Internetverbindung. 17:56:02 - Serververbindung konnte nicht hergestellt werden.. Error - 6/4/2011 11:56:08 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = MCUpdate | ID = 0 Description = 17:56:07 - Fehler beim Herstellen der Internetverbindung. 17:56:07 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 9/3/2012 6:39:43 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 9/3/2012 6:39:43 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 9/3/2012 6:40:02 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = DCOM | ID = 10005 Description = Error - 9/3/2012 6:40:01 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\windows\System32\bcmihvsrv64.dll Fehlercode: 21 Error - 9/3/2012 6:40:04 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = DCOM | ID = 10005 Description = Error - 9/3/2012 6:40:05 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = DCOM | ID = 10005 Description = Error - 9/3/2012 6:40:05 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = DCOM | ID = 10005 Description = Error - 9/3/2012 6:41:39 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = Service Control Manager | ID = 7001 Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 9/3/2012 6:42:37 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = DCOM | ID = 10005 Description = Error - 9/3/2012 6:42:37 AM | Computer Name = HH-HP-NB1.heiz-hofst.local | Source = DCOM | ID = 10005 Description = < End of report > |
03.09.2012, 20:56 | #2 |
/// Helper Team | UKASH/ Hellomoto Trojan

The cleanup consists of several steps that must be carried out. Work through them one after another and please paste the 4 logs that are created along the way into your next reply. If the OTL fix did not run through correctly, do not continue; please report this instead.

Step 1: Fixing with OTL

Download OTL by Oldtimer (if you do not already have it) and save it to your Desktop (nowhere else).
Code:
ATTFilter
:OTL
SRV - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}
IE:64bit: - HKLM\..\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}
IE - HKLM\..\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\..\SearchScopes,DefaultScope = {ABD08224-52BE-45C2-893C-654FB7CECD59}
IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\..\SearchScopes\{17C43A11-19FC-4D0D-80F7-520D4E952BC4}: "URL" = http://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\..\SearchScopes\{ABD08224-52BE-45C2-893C-654FB7CECD59}: "URL" = http://www.google.at/search?q={searchTerms}
IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [OfficeScanNT Monitor] -HideWindow File not found
O4:64bit: - HKLM..\Run: [xmllite] C:\Users\christianwinkler\AppData\Local\Microsoft\Windows\302\xmllite.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1214440339-1935655697-839522115-2641\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{046ad225-6fdc-11e0-91d8-6431507cff55}\Shell - "" = AutoRun
O33 - MountPoints2\{046ad225-6fdc-11e0-91d8-6431507cff55}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{1fa3e942-e061-11e0-b9c4-ac8112345e55}\Shell - "" = AutoRun
O33 - MountPoints2\{1fa3e942-e061-11e0-b9c4-ac8112345e55}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{88dbea73-65f7-11e0-8a8c-ac8112345e55}\Shell - "" = AutoRun
O33 - MountPoints2\{88dbea73-65f7-11e0-8a8c-ac8112345e55}\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{9c97d8c7-4a10-11e0-a19c-6431507cff55}\Shell - "" = AutoRun
O33 - MountPoints2\{9c97d8c7-4a10-11e0-a19c-6431507cff55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9c97d8cb-4a10-11e0-a19c-6431507cff55}\Shell - "" = AutoRun
O33 - MountPoints2\{9c97d8cb-4a10-11e0-a19c-6431507cff55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b11c3ed7-2623-11e0-85f2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b11c3ed7-2623-11e0-85f2-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{b19a9370-33a6-11e0-8dbf-ac8112345e55}\Shell - "" = AutoRun
O33 - MountPoints2\{b19a9370-33a6-11e0-8dbf-ac8112345e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b19a9383-33a6-11e0-8dbf-ac8112345e55}\Shell - "" = AutoRun
O33 - MountPoints2\{b19a9383-33a6-11e0-8dbf-ac8112345e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b19a9392-33a6-11e0-8dbf-ac8112345e55}\Shell - "" = AutoRun
O33 - MountPoints2\{b19a9392-33a6-11e0-8dbf-ac8112345e55}\Shell\AutoRun\command - "" = 
D:\AutoRun.exe O33 - MountPoints2\{b19a93a3-33a6-11e0-8dbf-ac8112345e55}\Shell - "" = AutoRun O33 - MountPoints2\{b19a93a3-33a6-11e0-8dbf-ac8112345e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{b19a93a6-33a6-11e0-8dbf-ac8112345e55}\Shell - "" = AutoRun O33 - MountPoints2\{b19a93a6-33a6-11e0-8dbf-ac8112345e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\.\Autorun.exe AUTORUN=1 [11 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] [2012/09/03 12:10:15 | 000,000,000 | ---D | C] -- C:\Users\christianwinkler\AppData\Roaming\hellomoto [2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe :Files C:\Users\christianwinkler\AppData\Local\Microsoft\Windows\302\ C:\Users\christianwinkler\AppData\Local\{*} C:\ProgramData\*.exe C:\ProgramData\TEMP C:\Users\christianwinkler\AppData\Local\Temp\*.exe C:\Users\christianwinkler\AppData\LocalLow\Sun\Java\Deployment\cache %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk %SystemRoot%\System32\*.tmp %SystemRoot%\SysWOW64\*.tmp ipconfig /flushdns /c :Commands [purity] [emptytemp]
Note for readers following along: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!
Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
After that:
Step 3
Please download AdwCleaner to your desktop.
Step 4
__________________ |
04.09.2012, 10:02 | #3 |
| UKASH/ Hellomoto Trojan I ended up getting it off myself yesterday after all, but I will definitely still run the fix and the other steps. As the saying goes: just because the virus is no longer there does not mean by a long shot that the system is clean.
It may take a few days until I am at his place again, though. I will definitely get back to you. Until then, many thanks! |
04.09.2012, 18:29 | #4 | ||
/// Helper Team | UKASH/ Hellomoto Trojan Quote:
Quote:
|
17.09.2012, 07:12 | #5 |
| UKASH/ Hellomoto Trojan Good morning, sorry that I am only getting back to you now. The matter has been resolved. The laptop was completely reinstalled, since it was already very slow anyway. Nevertheless, MANY THANKS /closed |
18.09.2012, 02:16 | #6 |
/// Helper Team | UKASH/ Hellomoto Trojan Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC keeps getting slower - what to do? |