Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.09.2012, 21:12   #1
everel
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam



Hallo!
Ich brauche dringend Hilfe denke mein Pc ist versäucht!
Alles fing mit einem Avira update an auf einmal war die Ask Toolbar da die lies sich nicht deinstallieren!Pc ist sehr langsam und auch der Malwarebytes Anti- Malware Test zeigte Funde an die jetzt in Quarantäne sind!Das war aber schon vor 2 Wochen! Ich verwende Windows 7 mit 32bit.
Kenn mich am Pc leider nicht recht gut aus denk auch deshalb diese Probleme!
Bitte kann mir wer helfen!
Hier die Log Datei:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.18.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
duke :: DUKE-HP [Administrator]

Schutz: Aktiviert

18.08.2012 12:59:12
mbam-log-2012-08-18 (12-59-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 176612
Laufzeit: 10 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\duke\Downloads\mplayer_tuguu_1276.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\duke\Downloads\ultimatemediaplayer_2.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hier der Otl editor:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.08.2012 12:58:53 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\duke\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1011,87 Mb Total Physical Memory | 281,47 Mb Available Physical Memory | 27,82% Memory free
2,00 Gb Paging File | 0,50 Gb Available in Paging File | 25,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,61 Gb Total Space | 163,19 Gb Free Space | 75,69% Space Free | Partition Type: NTFS
Drive D: | 13,11 Gb Total Space | 1,45 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,82% Space Free | Partition Type: FAT32
 
Computer Name: DUKE-HP | User Name: duke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.31 12:55:03 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\duke\Desktop\OTL.exe
PRC - [2012.08.15 20:17:02 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012.08.11 00:38:41 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 18:40:17 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.06.12 17:13:44 | 000,935,480 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.05.11 15:31:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.11 15:31:17 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.11 15:31:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.11 15:31:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011.07.16 07:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.06.30 15:26:56 | 001,138,780 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2011.06.30 15:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.08 10:13:00 | 000,078,904 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.03.28 17:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011.03.01 16:44:50 | 000,138,400 | ---- | M] (Atheros) -- C:\Programme\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.03.01 16:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) -- C:\Programme\Bluetooth Suite\AdminService.exe
PRC - [2011.02.15 16:48:56 | 002,913,336 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
PRC - [2011.02.15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011.01.27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.11 02:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.18 14:02:11 | 000,565,616 | ---- | M] () -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll
MOD - [2012.07.30 18:40:16 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.13 20:40:21 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.06.13 20:16:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.13 20:15:21 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.13 20:14:40 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.13 20:13:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 20:13:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.13 20:13:14 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.29 16:47:36 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012.05.22 21:30:08 | 000,077,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2012.05.22 21:30:07 | 000,092,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2012.05.11 21:26:16 | 001,917,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll
MOD - [2012.05.11 21:25:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012.05.11 21:25:06 | 009,921,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll
MOD - [2012.05.11 21:22:05 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.11 21:20:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012.05.11 21:18:35 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.11 21:18:33 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.11 21:16:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 21:15:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 21:15:10 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012.05.11 21:15:08 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012.05.11 21:15:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.11 21:11:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 21:10:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 21:10:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 21:09:59 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 21:09:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.07.16 07:04:54 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Entity.resources.dll
MOD - [2011.07.16 07:04:17 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2011.07.16 07:04:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.20 23:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.24 03:21:04 | 000,904,704 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.30 16:41:56 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.03 03:20:24 | 000,078,072 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.08.03 03:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.08.03 03:12:18 | 000,387,440 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.08.03 03:10:40 | 000,476,016 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.07.30 18:40:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.12 17:13:44 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.11 15:31:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.11 15:31:17 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.11 15:31:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.06.30 15:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.03.01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.01 16:44:50 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.03.01 16:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.10.11 02:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stop_Pending] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.08.01 20:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.11 15:31:23 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.11 15:31:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.01.05 01:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.30 15:26:56 | 000,442,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011.03.01 16:43:08 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011.03.01 16:43:06 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011.03.01 16:43:06 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011.03.01 16:43:06 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011.03.01 16:43:06 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011.03.01 16:43:06 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011.03.01 16:43:04 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011.02.22 13:15:16 | 002,184,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.12.02 02:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.03 17:17:14 | 000,131,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp)
DRV - [2009.04.27 14:15:04 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/14
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/14
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{026999E1-8FB3-4146-B4F9-DCB8F85514DD}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/14
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{026999E1-8FB3-4146-B4F9-DCB8F85514DD}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2703B727-41C8-4B9E-9131-6EEC5A2027DA}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{8A36F4B3-BB54-4119-B211-87DFE2FA4AB2}: "URL" = hxxp://startingpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
IE - HKCU\..\SearchScopes\{8FAE096B-09C6-49E8-9246-8169CAA066F4}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8E66DC14-C668-4B51-AF3C-AE0645F0D78F}&mid=894a3b3d4d5b47d1850b3dd332a225b3-ef9cf92b341352dd1d6e29fc2a3ac1dae92ca3a2&lang=de&ds=tt014&pr=sa&d=2012-02-19 23:23:43&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9C553897-466F-4C32-84D0-F5CD2BD0ACAA}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{9F1C130F-7001-493E-9A75-2A22598C8941}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=3ed999d2-8d77-4dab-8d30-5815f724e53f&apn_sauid=705E981D-63A5-4D23-9AEE-63046871AE73
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D4537CA7-2594-4EE2-AECD-D883110714B8}: "URL" = hxxp://go.gmx.at/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10397&locale=de_AT&apn_uid=3ed999d2-8d77-4dab-8d30-5815f724e53f&apn_ptnrs=^ABV&apn_sauid=705E981D-63A5-4D23-9AEE-63046871AE73&apn_dtid=^YYYYYY^YY^AT&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\duke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\duke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\duke\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\duke\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.07.12 14:07:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.26 01:23:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.26 01:23:09 | 000,000,000 | ---D | M]
 
[2012.05.03 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\Extensions
[2012.08.11 00:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\Firefox\Profiles\dspmrl1w.default\extensions
[2012.08.24 13:59:40 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\duke\AppData\Roaming\mozilla\Firefox\Profiles\dspmrl1w.default\extensions\toolbar@ask.com
[2012.08.08 18:05:02 | 000,000,853 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\11-suche.xml
[2012.08.31 04:25:19 | 000,002,413 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\askcom.xml
[2012.08.08 18:05:03 | 000,002,209 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\englische-ergebnisse.xml
[2012.08.08 18:05:02 | 000,010,506 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\gmx-suche.xml
[2012.08.08 18:05:02 | 000,002,368 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\lastminute.xml
[2012.08.08 18:05:02 | 000,005,489 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\webde-suche.xml
[2012.08.18 14:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.16 10:25:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.18 14:00:42 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.07.16 10:25:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.18 14:00:42 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
[2012.08.07 06:27:57 | 000,503,717 | ---- | M] () (No name found) -- C:\USERS\DUKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSPMRL1W.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.07.30 18:40:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 02:16:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.11 13:19:56 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.19 02:16:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 02:16:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 02:16:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 02:16:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 02:16:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B6B17D-772C-4396-8250-663F5B28DCA9}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37DE948B-D5A5-4A9D-9412-A8D58DB5F9DA}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D8D2926-5E76-4A66-AFBA-9735DD69B77D}: DhcpNameServer = 10.19.40.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\openvpntray.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9f94b006-615d-11e1-a55d-ec9a7446cc40}\Shell - "" = AutoRun
O33 - MountPoints2\{9f94b006-615d-11e1-a55d-ec9a7446cc40}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{9f94b00b-615d-11e1-a55d-ec9a7446cc40}\Shell - "" = AutoRun
O33 - MountPoints2\{9f94b00b-615d-11e1-a55d-ec9a7446cc40}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 12:54:56 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\duke\Desktop\OTL.exe
[2012.08.31 06:30:05 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\AskToolbar
[2012.08.30 20:00:56 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Hewlett-Packard_Company
[2012.08.27 22:41:47 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Diagnostics
[2012.08.27 13:41:19 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Roaming\Apple Computer
[2012.08.26 01:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.08.26 01:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.08.26 01:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.08.26 01:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.08.26 01:12:02 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Apple
[2012.08.26 01:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.08.26 01:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.08.21 13:38:13 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Hewlett-Packard
[2012.08.19 15:48:46 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\CrashDumps
[2012.08.18 21:09:50 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Boss Media
[2012.08.18 17:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012.08.18 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Adobe
[2012.08.18 14:01:42 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2012.08.18 14:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2012.08.18 12:06:07 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Roaming\Malwarebytes
[2012.08.18 12:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.18 12:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.18 12:05:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.18 12:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.18 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Macromedia
[2012.08.16 04:26:34 | 000,000,000 | ---D | C] -- C:\7eeab87973784002bfd5583c10b74d
[2012.08.11 00:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.11 00:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.08.01 20:13:42 | 000,035,560 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 12:55:03 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\duke\Desktop\OTL.exe
[2012.08.31 12:52:26 | 000,000,000 | ---- | M] () -- C:\Users\duke\defogger_reenable
[2012.08.31 12:48:16 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 12:45:14 | 000,050,477 | ---- | M] () -- C:\Users\duke\Desktop\Defogger.exe
[2012.08.31 12:16:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 01:46:52 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 01:46:52 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 01:38:22 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.31 01:37:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 01:37:51 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.30 23:48:10 | 000,658,478 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.30 23:48:10 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.30 23:48:10 | 000,130,950 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.30 23:48:10 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.29 01:54:13 | 000,024,213 | ---- | M] () -- C:\Users\duke\AppData\Roaming\UserTile.png
[2012.08.28 07:47:55 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.08.26 01:22:30 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.08.18 14:34:33 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.08.18 12:05:25 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 10:31:19 | 000,267,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.14 15:45:27 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForduke.job
[2012.08.01 20:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
 
========== Files Created - No Company Name ==========
 
[2012.08.31 12:52:26 | 000,000,000 | ---- | C] () -- C:\Users\duke\defogger_reenable
[2012.08.31 12:45:09 | 000,050,477 | ---- | C] () -- C:\Users\duke\Desktop\Defogger.exe
[2012.08.29 01:54:13 | 000,024,213 | ---- | C] () -- C:\Users\duke\AppData\Roaming\UserTile.png
[2012.08.26 01:22:30 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.08.26 01:11:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.08.18 12:05:25 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.10 20:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.07.16 07:07:09 | 000,658,478 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.07.16 07:07:09 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.07.16 07:07:09 | 000,130,950 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.07.16 07:07:09 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.03.03 22:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011.03.01 16:37:52 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
 
========== LOP Check ==========
 
[2012.03.06 22:51:41 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\1&1 Mail & Media GmbH
[2012.03.06 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\AVG
[2012.03.26 21:45:39 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\mquadr.at
[2012.07.11 03:17:19 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\SoftGrid Client
[2012.02.13 22:47:08 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\Synaptics
[2012.07.10 16:32:25 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\TP
[2012.05.05 19:00:03 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\TuneUp Software
[2012.03.05 03:23:22 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\Windows Live Writer
[2012.07.04 15:24:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
         
--- --- ---

dann der Extra text:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 31.08.2012 12:58:53 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\duke\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1011,87 Mb Total Physical Memory | 281,47 Mb Available Physical Memory | 27,82% Memory free
2,00 Gb Paging File | 0,50 Gb Available in Paging File | 25,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,61 Gb Total Space | 163,19 Gb Free Space | 75,69% Space Free | Partition Type: NTFS
Drive D: | 13,11 Gb Total Space | 1,45 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,82% Space Free | Partition Type: FAT32
 
Computer Name: DUKE-HP | User Name: duke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FD78B8A-324E-43FA-9296-B07DA5D951E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23CE1920-F7D8-4FF1-8F53-3613F148F231}" = lport=138 | protocol=17 | dir=in | app=system | 
"{381027C2-3483-4460-AFFF-C1662900F5A3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4C57312D-2518-4098-86D5-BA42EC03EAD0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{75CA2962-2FA9-482D-9983-2530C27E2BD9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8A0B4514-6669-4F27-A031-1A6B3D33B193}" = rport=445 | protocol=6 | dir=out | app=system | 
"{90605367-9F1C-407D-A255-1C38C2EC190D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9738C148-00B4-4C71-ADE9-C8191D1C13AB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C3A867C2-F7FE-4113-9850-AC50AA8E8784}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CF2D246B-4D1C-4876-AB41-0C681EE75C44}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC3A1D18-BC0A-47E8-B5C9-7EFF9C3C43FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EF8E3C97-19DC-4B04-A882-78E664EA60A0}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46621B37-AC30-4970-B0C7-37DC442A6C86}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6420D133-9F75-4A80-8516-FA4F829E8875}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{683022F9-DD29-49B1-AE39-6E1838DDE778}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{80791FAF-471E-4950-9229-71262BB2333A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C2B0EB1F-5717-49E9-8B3D-C55444B80FEF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{FF63FCE7-98BD-415B-8140-BD34526EBDC3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3598D33E-AF4E-4423-ABDD-9EA32D03D3DC}" = ArcSoft TotalMedia
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6C4FBAF4-60A3-4BD2-BBA0-AAA3A4A6625E}" = HP Software Framework
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs
"{ADE91712-EDDE-4262-9EC2-691BAADA55D1}" = HP QuickWeb
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD63F5EF-A0DC-4E5E-8200-E5703531D649}" = HP Camera
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D4736E41-9A74-4000-BF3E-401812E5B395}" = HP Documentation
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX MailCheck für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aonUpdate" = aonUpdate
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"Avira AntiVir Desktop" = Avira Free Antivirus
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"HotspotShield" = Hotspot Shield 2.67
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WildTangent hp Master Uninstall" = HP Games
"Win2day Poker" = Win2day Poker
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087374" = Jewel Quest - Heritage
"WT087385" = JoJo's Fashion Show
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087408" = Skip-Bo - Castaway Caper
"WT087409" = Tradewinds Legends
"WT087467" = Dream Chronicles
"WT087480" = Insaniquarium Deluxe
"WT087490" = Jewel Quest Solitaire
"WT087495" = Mahjongg Artifacts
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089484" = Namco All-Stars PAC-MAN
"WT089493" = Fishdom
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.08.2012 09:48:42 | Computer Name = duke-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
 Version: 11.3.300.271, Zeitstempel: 0x502701bf  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0066e60f  ID des fehlerhaften Prozesses: 0xf40  Startzeit der fehlerhaften Anwendung:
 0x01cd7e10e065cadf  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
 95ed4dae-ea04-11e1-a28b-ec9a7446cc40
 
Error - 19.08.2012 10:02:29 | Computer Name = duke-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
 Version: 11.3.300.271, Zeitstempel: 0x502701bf  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x003159e3  ID des fehlerhaften Prozesses: 0x156c  Startzeit der fehlerhaften Anwendung:
 0x01cd7e12155d59b5  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
 82dac5a4-ea06-11e1-a28b-ec9a7446cc40
 
Error - 19.08.2012 19:07:33 | Computer Name = duke-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: openvpnas.exe, Version: 0.0.0.0, 
Zeitstempel: 0x501b2507  Name des fehlerhaften Moduls: openvpnas.exe, Version: 0.0.0.0,
 Zeitstempel: 0x501b2507  Ausnahmecode: 0x40000015  Fehleroffset: 0x0004961e  ID des fehlerhaften
 Prozesses: 0x1684  Startzeit der fehlerhaften Anwendung: 0x01cd7e0e70823b5a  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Hotspot Shield\bin\openvpnas.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files\Hotspot Shield\bin\openvpnas.exe  Berichtskennung:
 a82108ca-ea52-11e1-a28b-ec9a7446cc40
 
Error - 19.08.2012 20:50:52 | Computer Name = duke-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: STacSV.exe, Version: 1.0.6351.0, 
Zeitstempel: 0x4e0d34f6  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00097c41  ID des fehlerhaften
 Prozesses: 0x3f0  Startzeit der fehlerhaften Anwendung: 0x01cd7d979a029ce0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\IDT\WDM\STacSV.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 16ee8b8e-ea61-11e1-a28b-ec9a7446cc40
 
Error - 20.08.2012 06:48:47 | Computer Name = duke-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.08.2012 09:50:58 | Computer Name = duke-HP | Source = hshld | ID = 10103
Description = 
 
Error - 20.08.2012 12:44:46 | Computer Name = duke-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
 Version: 11.3.300.271, Zeitstempel: 0x502701bf  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0049110b  ID des fehlerhaften Prozesses: 0x1748  Startzeit der fehlerhaften Anwendung:
 0x01cd7ef2f4a5e014  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
 5901461d-eae6-11e1-91e5-ec9a7446cc40
 
Error - 21.08.2012 05:52:07 | Computer Name = duke-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.08.2012 12:31:39 | Computer Name = duke-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.08.2012 03:28:43 | Computer Name = duke-HP | Source = WinMgmt | ID = 10
Description = 
 
[ Hewlett-Packard Events ]
Error - 11.07.2012 12:10:31 | Computer Name = duke-HP | Source = HPSFMsgr.exe | ID = 4000
Description = 
 
Error - 11.07.2012 14:22:13 | Computer Name = duke-HP | Source = HPSFMsgr.exe | ID = 4000
Description = 
 
Error - 12.07.2012 09:35:22 | Computer Name = duke-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HPSFConfigReader.ConfigHelper.loadXML()

   bei HPSFConfigReader.ConfigHelper..ctor()     bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
 isOnAppLoad)  Message: Eine Ausnahme vom Typ "System.Exception" wurde ausgelöst.  StackTrace:
   bei HPSFConfigReader.ConfigHelper.loadXML()     bei HPSFConfigReader.ConfigHelper..ctor()

   bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
 isOnAppLoad)  Source: HPSFConfigReader    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program
 Files\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE  RAM: 1011  Ram Utilization:
 80  TargetSite: Void loadXML()  
 
Error - 12.07.2012 09:36:33 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 90  TargetSite: Void UpdateAndDetect()  
 
Error - 17.07.2012 07:15:12 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
Error - 24.07.2012 07:43:38 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 90  TargetSite: Void UpdateAndDetect()  
 
Error - 31.07.2012 11:37:28 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
Error - 07.08.2012 09:19:23 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
Error - 08.08.2012 13:15:44 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 90  TargetSite: Void UpdateAndDetect()  
 
Error - 14.08.2012 07:47:35 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
[ HP Connection Manager Events ]
Error - 16.08.2012 19:51:49 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/17 01:51:49.000|000015C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 16.08.2012 19:52:48 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/17 01:52:48.077|000015C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 16.08.2012 19:53:48 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/17 01:53:48.075|000015C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 17.08.2012 20:57:08 | Computer Name = duke-HP | Source = hpMobile | ID = 5
Description = 2012.08.18 02:57:04.676|0000115C|Error      |[HP.Mobile]Wwan::a{void()}|
 
Error - 17.08.2012 21:25:47 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/18 03:25:47.114|00001278|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 18.08.2012 07:17:26 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/18 13:17:26.482|000016C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 18.08.2012 07:17:35 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/18 13:17:35.670|000016C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 18.08.2012 11:24:37 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/18 17:24:37.761|000017C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 18.08.2012 11:24:46 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/18 17:24:46.076|000017C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 18.08.2012 18:54:07 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/19 00:54:07.599|000015C8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
[ System Events ]
Error - 30.06.2012 09:07:54 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 30.06.2012 10:22:52 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 30.06.2012 10:23:10 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 30.06.2012 11:40:46 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpqwmiex erreicht.
 
Error - 30.06.2012 11:41:01 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 30.06.2012 12:48:11 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 30.06.2012 12:48:28 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 30.06.2012 14:46:05 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 01.07.2012 03:45:52 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 01.07.2012 03:46:33 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
--- --- ---

Hoffe das reicht mal fürs erste.

Und noch was diese Viren habe ich bei Avira in Quarantäne :
EXP/JAVA.Niabil.Gen
JAVA/Dldr.Lamar.DC
TR/Kazy.80681
TR/Kazy.80681
ADWARE/Yontoo.uela
ADWARE/Yontoo.uela

Hmmm warum will mir hier denn keiner helfen???
Versteh ich ned ganz !

Alt 04.09.2012, 22:07   #2
Larusso
/// Selecta Jahrusso
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam





Deinstalliere einfach mal Avira.
Hier 2 Alternativen.

Bitte downloade und Installiere Dir eines der folgenden AVPs.

Berichte mal.

btw: Die Funde von Malwarebytes sind schnuppe.
__________________

__________________

Alt 04.09.2012, 22:57   #3
everel
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam



Hallo!
Habe grade die überprüfung mit avast gestartet!

Also die Schnellprüfung hat keinen Virus gefunden!

Also die Schnellprüfung hat keinen virus gefunden!

Also habe auch a vollständige Systemüberprüfung gemacht und die hat auch nichts gefunden allerdings konnte sie nicht alles dursuchen da einige dateien passwortgeschützt sind! Versteh ich ned warum!Habe den Test ja als Admin gemacht!

Also habe auch a vollständige Systemüberprüfung gemacht und die hat auch nichts gefunden allerdings konnte sie nicht alles dursuchen da einige dateien passwortgeschützt sind! Versteh ich ned warum!Habe den Test ja als Admin gemacht!
__________________

Alt 06.09.2012, 00:01   #4
Larusso
/// Selecta Jahrusso
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam



Pc immer noch langsam ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 06.09.2012, 22:13   #5
everel
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam



Pc läuft wieder normal! Habe noch ne frage hatte vor längerer Zeit auch mal den Polizeivirus am Pc ging aber auf einmal weg! Kannst du vielleicht schauen ob da nicht noch Trojaner oder so sind!
Mfg


Alt 07.09.2012, 13:02   #6
Larusso
/// Selecta Jahrusso
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam



Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.
__________________
--> Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam

Alt 10.09.2012, 14:07   #7
everel
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam



hier die OTL DateienOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.09.2012 14:48:23 - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\everel\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1011,87 Mb Total Physical Memory | 160,77 Mb Available Physical Memory | 15,89% Memory free
1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,61 Gb Total Space | 161,19 Gb Free Space | 74,76% Space Free | Partition Type: NTFS
Drive D: | 13,11 Gb Total Space | 1,45 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,82% Space Free | Partition Type: FAT32
 
Computer Name: DUKE-HP | User Name: duke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.10 14:26:42 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\everel\Downloads\OTL.exe
PRC - [2012.09.09 15:44:01 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011.07.16 07:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.06.30 15:26:56 | 001,138,780 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2011.06.30 15:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.08 10:13:00 | 000,078,904 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.03.28 17:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011.03.01 16:44:50 | 000,138,400 | ---- | M] (Atheros) -- C:\Programme\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.03.01 16:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) -- C:\Programme\Bluetooth Suite\AdminService.exe
PRC - [2011.02.15 16:48:56 | 002,913,336 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
PRC - [2011.02.15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011.01.27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.11 02:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.09 15:43:59 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.13 20:40:21 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.06.13 20:16:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.13 20:15:21 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.13 20:14:40 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.13 20:13:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 20:13:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.13 20:13:14 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.29 16:47:36 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012.05.22 21:30:08 | 000,077,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2012.05.22 21:30:07 | 000,092,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2012.05.11 21:26:16 | 001,917,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll
MOD - [2012.05.11 21:25:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012.05.11 21:25:06 | 009,921,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll
MOD - [2012.05.11 21:22:05 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.11 21:20:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012.05.11 21:18:35 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.11 21:18:33 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.11 21:16:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 21:15:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 21:15:10 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012.05.11 21:15:08 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012.05.11 21:15:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.11 21:11:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 21:10:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 21:10:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 21:09:59 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 21:09:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.07.16 07:04:54 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Entity.resources.dll
MOD - [2011.07.16 07:04:17 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2011.07.16 07:04:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.20 23:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.24 03:21:04 | 000,904,704 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 15:43:59 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.15 21:19:54 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.01.17 23:22:00 | 000,077,520 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.01.17 23:18:54 | 000,331,608 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.06.30 15:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.03.01 16:44:50 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.03.01 16:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011.02.15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.10.11 02:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.01.05 01:01:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012.01.05 01:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.06.30 15:26:56 | 000,442,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011.03.01 16:43:08 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011.03.01 16:43:06 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011.03.01 16:43:06 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011.03.01 16:43:06 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011.03.01 16:43:06 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011.03.01 16:43:06 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011.03.01 16:43:04 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011.02.22 13:15:16 | 002,184,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.12.02 02:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.03 17:17:14 | 000,131,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp)
DRV - [2009.04.27 14:15:04 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/14
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/14
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{026999E1-8FB3-4146-B4F9-DCB8F85514DD}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/14
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{026999E1-8FB3-4146-B4F9-DCB8F85514DD}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{2703B727-41C8-4B9E-9131-6EEC5A2027DA}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{8A36F4B3-BB54-4119-B211-87DFE2FA4AB2}: "URL" = hxxp://startingpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{8FAE096B-09C6-49E8-9246-8169CAA066F4}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8E66DC14-C668-4B51-AF3C-AE0645F0D78F}&mid=894a3b3d4d5b47d1850b3dd332a225b3-ef9cf92b341352dd1d6e29fc2a3ac1dae92ca3a2&lang=de&ds=tt014&pr=sa&d=2012-02-19 23:23:43&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{9C553897-466F-4C32-84D0-F5CD2BD0ACAA}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{9F1C130F-7001-493E-9A75-2A22598C8941}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=3ed999d2-8d77-4dab-8d30-5815f724e53f&apn_sauid=705E981D-63A5-4D23-9AEE-63046871AE73
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{D4537CA7-2594-4EE2-AECD-D883110714B8}: "URL" = hxxp://go.gmx.at/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/14
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/14
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{026999E1-8FB3-4146-B4F9-DCB8F85514DD}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{189324C5-A274-4268-9BBC-0A8F8FB46D64}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{2B801DB2-51BF-4E06-87B8-3C1DD63B6E4F}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{2C383474-4FB8-4880-BE69-06C220D0F244}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{5079E31D-F197-4DF8-A598-352B24D983CD}: "URL" = hxxp://go.gmx.at/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{9D009558-FA8A-465D-AAB2-EE52371CDAF9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=3ed999d2-8d77-4dab-8d30-5815f724e53f&apn_sauid=705E981D-63A5-4D23-9AEE-63046871AE73
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.2
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10397&locale=de_AT&apn_uid=3ed999d2-8d77-4dab-8d30-5815f724e53f&apn_ptnrs=^ABV&apn_sauid=705E981D-63A5-4D23-9AEE-63046871AE73&apn_dtid=^YYYYYY^YY^AT&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\duke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\duke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\duke\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\duke\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.04 23:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 15:44:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 15:44:01 | 000,000,000 | ---D | M]
 
[2012.05.03 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\Extensions
[2012.09.04 20:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\Firefox\Profiles\dspmrl1w.default\extensions
[2012.08.07 06:27:57 | 000,503,717 | ---- | M] () (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\extensions\toolbar@gmx.net.xpi
[2012.07.25 15:17:52 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.08 18:05:02 | 000,000,853 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\11-suche.xml
[2012.09.01 14:50:03 | 000,002,413 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\askcom.xml
[2012.08.08 18:05:03 | 000,002,209 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\englische-ergebnisse.xml
[2012.08.08 18:05:02 | 000,010,506 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\gmx-suche.xml
[2012.08.08 18:05:02 | 000,002,368 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\lastminute.xml
[2012.08.08 18:05:02 | 000,005,489 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\webde-suche.xml
[2012.07.16 10:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.16 10:25:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.04 20:08:07 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.07.16 10:25:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.04 20:08:07 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
[2012.09.09 15:44:01 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 02:16:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 18:10:29 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.09 15:43:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 02:16:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 02:16:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 02:16:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 02:16:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37DE948B-D5A5-4A9D-9412-A8D58DB5F9DA}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\openvpntray.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9f94b006-615d-11e1-a55d-ec9a7446cc40}\Shell - "" = AutoRun
O33 - MountPoints2\{9f94b006-615d-11e1-a55d-ec9a7446cc40}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{9f94b00b-615d-11e1-a55d-ec9a7446cc40}\Shell - "" = AutoRun
O33 - MountPoints2\{9f94b00b-615d-11e1-a55d-ec9a7446cc40}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.09 19:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.09.05 16:24:13 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.09.05 01:37:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.05 01:37:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.05 01:37:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.05 01:37:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.05 01:37:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.05 01:37:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.05 01:37:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.04 23:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.09.04 23:42:01 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.09.04 23:42:01 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.09.04 23:41:59 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.09.04 23:41:58 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.09.04 23:41:54 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.09.04 23:41:54 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.09.04 23:41:20 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.09.04 23:41:19 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.09.04 23:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.09.04 23:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.09.04 21:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\win2day Poker
[2012.09.04 20:19:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.09.04 19:43:49 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.09.04 04:08:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Hotspot Shield
[2012.09.02 17:58:26 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\ElevatedDiagnostics
[2012.09.01 00:25:03 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Roaming\VSO
[2012.08.27 22:41:47 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Diagnostics
[2012.08.27 13:41:19 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Roaming\Apple Computer
[2012.08.26 01:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.08.26 01:12:02 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Apple
[2012.08.26 01:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.08.19 15:48:46 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\CrashDumps
[2012.08.18 17:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012.08.18 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Adobe
[2012.08.18 14:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2012.08.18 12:06:07 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Roaming\Malwarebytes
[2012.08.18 12:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.18 12:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.18 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Macromedia
[2012.08.16 04:35:51 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.16 04:26:34 | 000,000,000 | ---D | C] -- C:\7eeab87973784002bfd5583c10b74d
[2012.08.15 23:43:58 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\AskToolbar
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.10 14:48:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.10 14:29:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3498557078-2271722321-3906987056-1000UA.job
[2012.09.10 14:16:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.10 14:14:14 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 14:14:14 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 14:08:23 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.10 14:06:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.10 14:06:32 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.09 21:59:30 | 000,658,478 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.09 21:59:30 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.09 21:59:30 | 000,130,950 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.09 21:59:30 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.09 18:34:47 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3498557078-2271722321-3906987056-1000Core.job
[2012.09.06 10:02:33 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.09.05 16:17:50 | 000,267,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.04 23:53:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.04 23:42:02 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.04 21:47:26 | 000,001,167 | ---- | M] () -- C:\Users\Public\Desktop\win2day Poker.lnk
[2012.09.04 20:34:36 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.31 12:52:26 | 000,000,000 | ---- | M] () -- C:\Users\duke\defogger_reenable
[2012.08.29 01:54:13 | 000,024,213 | ---- | M] () -- C:\Users\duke\AppData\Roaming\UserTile.png
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.15 21:19:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 21:19:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.14 15:45:27 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForduke.job
 
========== Files Created - No Company Name ==========
 
[2012.09.04 23:42:02 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.04 21:47:26 | 000,001,167 | ---- | C] () -- C:\Users\Public\Desktop\win2day Poker.lnk
[2012.08.31 15:55:57 | 026,917,317 | ---- | C] () -- C:\Users\duke\Desktop\Saudi Drifft.mp4
[2012.08.31 12:52:26 | 000,000,000 | ---- | C] () -- C:\Users\duke\defogger_reenable
[2012.08.29 01:54:13 | 000,024,213 | ---- | C] () -- C:\Users\duke\AppData\Roaming\UserTile.png
[2012.04.10 20:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.07.16 07:07:09 | 000,658,478 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.07.16 07:07:09 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.07.16 07:07:09 | 000,130,950 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.07.16 07:07:09 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.03.03 22:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011.03.01 16:37:52 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
 
========== LOP Check ==========
 
[2012.09.01 21:04:36 | 000,000,000 | ---D | M] -- C:\Users\doimbin\AppData\Roaming\Synaptics
[2012.09.03 01:24:29 | 000,000,000 | ---D | M] -- C:\Users\doimbin\AppData\Roaming\TuneUp Software
[2012.03.06 22:51:41 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\1&1 Mail & Media GmbH
[2012.03.06 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\AVG
[2012.03.26 21:45:39 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\mquadr.at
[2012.07.11 03:17:19 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\SoftGrid Client
[2012.02.13 22:47:08 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\Synaptics
[2012.07.10 16:32:25 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\TP
[2012.05.05 19:00:03 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\TuneUp Software
[2012.09.01 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\VSO
[2012.03.05 03:23:22 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\Windows Live Writer
[2012.09.04 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\everel\AppData\Roaming\Synaptics
[2012.09.04 21:18:47 | 000,000,000 | ---D | M] -- C:\Users\everel\AppData\Roaming\TuneUp Software
[2012.07.04 15:24:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.09.2012 14:48:23 - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\everel\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1011,87 Mb Total Physical Memory | 160,77 Mb Available Physical Memory | 15,89% Memory free
1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,61 Gb Total Space | 161,19 Gb Free Space | 74,76% Space Free | Partition Type: NTFS
Drive D: | 13,11 Gb Total Space | 1,45 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,82% Space Free | Partition Type: FAT32
 
Computer Name: DUKE-HP | User Name: duke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3498557078-2271722321-3906987056-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FD78B8A-324E-43FA-9296-B07DA5D951E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23CE1920-F7D8-4FF1-8F53-3613F148F231}" = lport=138 | protocol=17 | dir=in | app=system | 
"{381027C2-3483-4460-AFFF-C1662900F5A3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4C57312D-2518-4098-86D5-BA42EC03EAD0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{75CA2962-2FA9-482D-9983-2530C27E2BD9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8A0B4514-6669-4F27-A031-1A6B3D33B193}" = rport=445 | protocol=6 | dir=out | app=system | 
"{90605367-9F1C-407D-A255-1C38C2EC190D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9738C148-00B4-4C71-ADE9-C8191D1C13AB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C3A867C2-F7FE-4113-9850-AC50AA8E8784}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CF2D246B-4D1C-4876-AB41-0C681EE75C44}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC3A1D18-BC0A-47E8-B5C9-7EFF9C3C43FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EF8E3C97-19DC-4B04-A882-78E664EA60A0}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46621B37-AC30-4970-B0C7-37DC442A6C86}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6420D133-9F75-4A80-8516-FA4F829E8875}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{683022F9-DD29-49B1-AE39-6E1838DDE778}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{80791FAF-471E-4950-9229-71262BB2333A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FF63FCE7-98BD-415B-8140-BD34526EBDC3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3598D33E-AF4E-4423-ABDD-9EA32D03D3DC}" = ArcSoft TotalMedia
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6C4FBAF4-60A3-4BD2-BBA0-AAA3A4A6625E}" = HP Software Framework
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs
"{ADE91712-EDDE-4262-9EC2-691BAADA55D1}" = HP QuickWeb
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD63F5EF-A0DC-4E5E-8200-E5703531D649}" = HP Camera
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D4736E41-9A74-4000-BF3E-401812E5B395}" = HP Documentation
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX MailCheck für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aonUpdate" = aonUpdate
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"avast" = avast! Free Antivirus
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"HotspotShield" = Hotspot Shield 2.25
"Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WildTangent hp Master Uninstall" = HP Games
"Win2day Poker" = Win2day Poker
"win2day Poker " = win2day Poker
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087374" = Jewel Quest - Heritage
"WT087385" = JoJo's Fashion Show
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087408" = Skip-Bo - Castaway Caper
"WT087409" = Tradewinds Legends
"WT087467" = Dream Chronicles
"WT087480" = Insaniquarium Deluxe
"WT087490" = Jewel Quest Solitaire
"WT087495" = Mahjongg Artifacts
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089484" = Namco All-Stars PAC-MAN
"WT089493" = Fishdom
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3498557078-2271722321-3906987056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 20:05:48 | Computer Name = duke-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
 Version: 11.3.300.271, Zeitstempel: 0x502701bf  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x003159e3  ID des fehlerhaften Prozesses: 0xd14  Startzeit der fehlerhaften Anwendung:
 0x01cd8643293b1587  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
 734d8b79-f236-11e1-bf89-ec9a7446cc40
 
Error - 29.08.2012 20:07:12 | Computer Name = duke-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
 Version: 11.3.300.271, Zeitstempel: 0x502701bf  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0049110b  ID des fehlerhaften Prozesses: 0xe50  Startzeit der fehlerhaften Anwendung:
 0x01cd86433c73de04  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
 a5a27f83-f236-11e1-bf89-ec9a7446cc40
 
Error - 29.08.2012 20:24:40 | Computer Name = duke-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
 Version: 11.3.300.271, Zeitstempel: 0x502701bf  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0049110b  ID des fehlerhaften Prozesses: 0x1730  Startzeit der fehlerhaften Anwendung:
 0x01cd8643700b41d7  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
 16253665-f239-11e1-bf89-ec9a7446cc40
 
Error - 29.08.2012 23:13:06 | Computer Name = duke-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
 Version: 11.3.300.271, Zeitstempel: 0x5026ffac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
 Version: 11.3.300.271, Zeitstempel: 0x502701bf  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ceb63  ID des fehlerhaften Prozesses: 0x510  Startzeit der fehlerhaften Anwendung:
 0x01cd865a6dd7c0df  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
 9dcb5af6-f250-11e1-bf89-ec9a7446cc40
 
Error - 30.08.2012 10:34:10 | Computer Name = duke-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.08.2012 19:38:37 | Computer Name = duke-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.08.2012 07:40:37 | Computer Name = duke-HP | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.62.0.87 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1f58    Startzeit:
 01cd87492a3cd6f9    Endzeit: 303    Anwendungspfad: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID:
 aa8f97a2-f360-11e1-a8b1-ec9a7446cc40  
 
Error - 31.08.2012 07:48:45 | Computer Name = duke-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.08.2012 12:18:58 | Computer Name = duke-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514,
 Zeitstempel: 0x4ce792c4  Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f8f8aa7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x5af7aae9
ID
 des fehlerhaften Prozesses: 0x8c8  Startzeit der fehlerhaften Anwendung: 0x01cd87945077b860
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\MsiExec.exe  Pfad des fehlerhaften
 Moduls: QuickTime.qts  Berichtskennung: 90a7d2e5-f387-11e1-85ac-ec9a7446cc40
 
Error - 31.08.2012 14:48:34 | Computer Name = duke-HP | Source = WinMgmt | ID = 10
Description = 
 
[ Hewlett-Packard Events ]
Error - 24.07.2012 07:43:38 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 90  TargetSite: Void UpdateAndDetect()  
 
Error - 31.07.2012 11:37:28 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
Error - 07.08.2012 09:19:23 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
Error - 08.08.2012 13:15:44 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 90  TargetSite: Void UpdateAndDetect()  
 
Error - 14.08.2012 07:47:35 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
Error - 21.08.2012 07:40:27 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
Error - 04.09.2012 10:23:06 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
Error - 04.09.2012 11:01:55 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
Error - 04.09.2012 11:08:07 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 70  TargetSite: Void UpdateAndDetect()  
 
Error - 04.09.2012 11:14:02 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1011  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
[ HP Connection Manager Events ]
Error - 14.08.2012 09:42:34 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/14 15:42:34.730|000015F0|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 14.08.2012 09:42:36 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/14 15:42:36.930|000015F0|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 14.08.2012 15:45:27 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/14 21:45:27.505|00000CAC|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 14.08.2012 16:22:20 | Computer Name = duke-HP | Source = hpMobile | ID = 5
Description = 2012.08.14 22:22:19.986|00000DC8|Error      |[HP.Mobile]RasHelper::IsConnected{bool(string)}|Called
 with empty name
 
Error - 15.08.2012 15:43:09 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/15 21:43:09.237|000006D4|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 15.08.2012 15:43:25 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/15 21:43:25.187|000006D4|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 15.08.2012 15:43:26 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/15 21:43:26.123|000006D4|Error      |CWLAN::StateChanged|Fire_StateChanged
 failed [hr:0x800706BA]
 
Error - 15.08.2012 22:01:45 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/16 04:01:45.256|00000A84|Error      |CWLAN::StateChanged|Fire_StateChanged
 failed [hr:0x800706BA]
 
Error - 15.08.2012 23:07:10 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/16 05:07:10.994|000013E0|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 15.08.2012 23:07:11 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/16 05:07:11.821|000013E0|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
[ System Events ]
Error - 30.06.2012 09:07:54 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 30.06.2012 10:22:52 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 30.06.2012 10:23:10 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 30.06.2012 11:40:46 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst hpqwmiex erreicht.
 
Error - 30.06.2012 11:41:01 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 30.06.2012 12:48:11 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 30.06.2012 12:48:28 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 30.06.2012 14:46:05 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 01.07.2012 03:45:52 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 01.07.2012 03:46:33 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
--- --- ---

Und alles ok?

Alt 10.09.2012, 21:09   #8
Larusso
/// Selecta Jahrusso
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam



Ich sehe das Du sogenannte Registry Cleaner am System hast.
In deinem Fall TuneUP.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle Dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.



Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 17.09.2012, 13:34   #9
Larusso
/// Selecta Jahrusso
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 07.10.2012, 16:36   #10
Larusso
/// Selecta Jahrusso
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam



Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 27.10.2012, 15:39   #11
Larusso
/// Selecta Jahrusso
 
Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Standard

Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam
antivir, asktoolbar, avg secure search, avira, avira searchfree toolbar, bho, bingbar, cid, diner dash, dringend, entfernen, error, failed, firefox, flash player, format, helper, hotspot, index, install.exe, installation, langsam, launch, logfile, mozilla, ntdll.dll, object, origin, plug-in, pup.bundleoffers.iiq, realtek, registry, rundll, secure search, security, sehr langsam, software, svchost.exe, usb 2.0, vtoolbarupdater, warum, wildtangent games, windows, yontoo




Ähnliche Themen: Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam


  1. Windows 8.1 Update konnte nicht abgeschlossen werden
    Alles rund um Windows - 10.08.2015 (3)
  2. kann Avira Antivir nicht deinstallieren (Errorcode 7), update nicht möglich.
    Antiviren-, Firewall- und andere Schutzprogramme - 15.06.2015 (28)
  3. Avira und Spybot lassen sich nicht aktualisieren, Windows-Update geht nicht.
    Plagegeister aller Art und deren Bekämpfung - 02.06.2015 (27)
  4. Avira uns Spybot lassen sich nicht aktualiusieren, Windows Update geht nicht.
    Lob, Kritik und Wünsche - 02.06.2015 (0)
  5. Win 7: konnte ShopGlider Deals bis jetzt nicht entfernen
    Log-Analyse und Auswertung - 09.04.2015 (11)
  6. Windows 7: Avira - Probleme bei Update und Installation
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (30)
  7. Avira pc sicherheit update nicht moeglich
    Alles rund um Windows - 16.01.2015 (1)
  8. diverse Probleme nach AVIRA-Update
    Alles rund um Windows - 22.08.2014 (7)
  9. AVG konnte 2 Viren nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 02.05.2014 (13)
  10. PC extrem langsam, Malware 2 Funde, Avira schliesst sich ständig, Silverlight update ohne Erfolg
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (19)
  11. Avira Update kann nicht ausgeführt werden
    Log-Analyse und Auswertung - 10.11.2011 (10)
  12. Internet langsam, (Seite konnte nicht gefunden werden)
    Plagegeister aller Art und deren Bekämpfung - 27.02.2011 (7)
  13. Nach Windows Update konnte nicht gesucht werden Code 80072EFE
    Log-Analyse und Auswertung - 30.05.2010 (0)
  14. AVIRA free PROBLEME MIT update
    Antiviren-, Firewall- und andere Schutzprogramme - 17.10.2009 (3)
  15. Avira Update nicht möglich!
    Überwachung, Datenschutz und Spam - 01.10.2009 (12)
  16. Avira-Warnung->Datein konnte nicht geöffnet werden
    Plagegeister aller Art und deren Bekämpfung - 11.01.2009 (12)
  17. Windows XP und Avira Update nicht mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 05.01.2009 (1)

Zum Thema Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam - Hallo! Ich brauche dringend Hilfe denke mein Pc ist versäucht! Alles fing mit einem Avira update an auf einmal war die Ask Toolbar da die lies sich nicht deinstallieren!Pc ist - Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam...
Archiv
Du betrachtest: Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.