|
Plagegeister aller Art und deren Bekämpfung: Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.09.2012, 21:12 | #1 |
| Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam Hallo! Ich brauche dringend Hilfe denke mein Pc ist versäucht! Alles fing mit einem Avira update an auf einmal war die Ask Toolbar da die lies sich nicht deinstallieren!Pc ist sehr langsam und auch der Malwarebytes Anti- Malware Test zeigte Funde an die jetzt in Quarantäne sind!Das war aber schon vor 2 Wochen! Ich verwende Windows 7 mit 32bit. Kenn mich am Pc leider nicht recht gut aus denk auch deshalb diese Probleme! Bitte kann mir wer helfen! Hier die Log Datei: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.18.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 duke :: DUKE-HP [Administrator] Schutz: Aktiviert 18.08.2012 12:59:12 mbam-log-2012-08-18 (12-59-12).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 176612 Laufzeit: 10 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\duke\Downloads\mplayer_tuguu_1276.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\duke\Downloads\ultimatemediaplayer_2.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Hier der Otl editor:OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.08.2012 12:58:53 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\duke\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1011,87 Mb Total Physical Memory | 281,47 Mb Available Physical Memory | 27,82% Memory free 2,00 Gb Paging File | 0,50 Gb Available in Paging File | 25,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,61 Gb Total Space | 163,19 Gb Free Space | 75,69% Space Free | Partition Type: NTFS Drive D: | 13,11 Gb Total Space | 1,45 Gb Free Space | 11,05% Space Free | Partition Type: NTFS Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,82% Space Free | Partition Type: FAT32 Computer Name: DUKE-HP | User Name: duke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.31 12:55:03 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\duke\Desktop\OTL.exe PRC - [2012.08.15 20:17:02 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe PRC - [2012.08.11 00:38:41 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.30 18:40:17 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.06.12 17:13:44 | 000,935,480 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2012.05.11 15:31:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.11 15:31:17 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.11 15:31:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.11 15:31:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe PRC - [2011.07.16 07:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.06.30 15:26:56 | 001,138,780 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2011.06.30 15:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.08 10:13:00 | 000,078,904 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP QuickWeb\hpqwutils.exe PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.03.28 17:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe PRC - [2011.03.01 16:44:50 | 000,138,400 | ---- | M] (Atheros) -- C:\Programme\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.03.01 16:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) -- C:\Programme\Bluetooth Suite\AdminService.exe PRC - [2011.02.15 16:48:56 | 002,913,336 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe PRC - [2011.02.15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011.01.27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.11 02:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe PRC - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.08.18 14:02:11 | 000,565,616 | ---- | M] () -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll MOD - [2012.07.30 18:40:16 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.13 20:40:21 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll MOD - [2012.06.13 20:16:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll MOD - [2012.06.13 20:15:21 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.13 20:14:40 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.13 20:13:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.13 20:13:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.13 20:13:14 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.05.29 16:47:36 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll MOD - [2012.05.22 21:30:08 | 000,077,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll MOD - [2012.05.22 21:30:07 | 000,092,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll MOD - [2012.05.11 21:26:16 | 001,917,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll MOD - [2012.05.11 21:25:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll MOD - [2012.05.11 21:25:06 | 009,921,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll MOD - [2012.05.11 21:22:05 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012.05.11 21:20:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll MOD - [2012.05.11 21:18:35 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.11 21:18:33 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012.05.11 21:16:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 21:15:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 21:15:10 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll MOD - [2012.05.11 21:15:08 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012.05.11 21:15:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.11 21:11:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.11 21:10:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.11 21:10:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.11 21:09:59 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.11 21:09:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.07.16 07:04:54 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Entity.resources.dll MOD - [2011.07.16 07:04:17 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2011.07.16 07:04:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.20 23:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.06.24 03:21:04 | 000,904,704 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Services (SafeList) ========== SRV - [2012.08.30 16:41:56 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.03 03:20:24 | 000,078,072 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService) SRV - [2012.08.03 03:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2012.08.03 03:12:18 | 000,387,440 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012.08.03 03:10:40 | 000,476,016 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012.07.30 18:40:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.12 17:13:44 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0) SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.05.11 15:31:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.11 15:31:17 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.11 15:31:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011.06.30 15:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.03.01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.01 16:44:50 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.03.01 16:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.10.11 02:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stop_Pending] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.08.01 20:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.11 15:31:23 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.11 15:31:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.01.05 01:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.30 15:26:56 | 000,442,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2011.03.01 16:43:08 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter) DRV - [2011.03.01 16:43:06 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV - [2011.03.01 16:43:06 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP) DRV - [2011.03.01 16:43:06 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV - [2011.03.01 16:43:06 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort) DRV - [2011.03.01 16:43:06 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS) DRV - [2011.03.01 16:43:04 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV - [2011.02.22 13:15:16 | 002,184,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.12.02 02:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.06.03 17:17:14 | 000,131,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp) DRV - [2009.04.27 14:15:04 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/14 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/14 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{026999E1-8FB3-4146-B4F9-DCB8F85514DD}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/14 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{026999E1-8FB3-4146-B4F9-DCB8F85514DD}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{2703B727-41C8-4B9E-9131-6EEC5A2027DA}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{8A36F4B3-BB54-4119-B211-87DFE2FA4AB2}: "URL" = hxxp://startingpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch IE - HKCU\..\SearchScopes\{8FAE096B-09C6-49E8-9246-8169CAA066F4}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8E66DC14-C668-4B51-AF3C-AE0645F0D78F}&mid=894a3b3d4d5b47d1850b3dd332a225b3-ef9cf92b341352dd1d6e29fc2a3ac1dae92ca3a2&lang=de&ds=tt014&pr=sa&d=2012-02-19 23:23:43&v=8.0.0.34&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{9C553897-466F-4C32-84D0-F5CD2BD0ACAA}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{9F1C130F-7001-493E-9A75-2A22598C8941}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=3ed999d2-8d77-4dab-8d30-5815f724e53f&apn_sauid=705E981D-63A5-4D23-9AEE-63046871AE73 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D4537CA7-2594-4EE2-AECD-D883110714B8}: "URL" = hxxp://go.gmx.at/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10397&locale=de_AT&apn_uid=3ed999d2-8d77-4dab-8d30-5815f724e53f&apn_ptnrs=^ABV&apn_sauid=705E981D-63A5-4D23-9AEE-63046871AE73&apn_dtid=^YYYYYY^YY^AT&&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\duke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\duke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\duke\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\duke\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.07.12 14:07:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.26 01:23:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.26 01:23:09 | 000,000,000 | ---D | M] [2012.05.03 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\Extensions [2012.08.11 00:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\Firefox\Profiles\dspmrl1w.default\extensions [2012.08.24 13:59:40 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\duke\AppData\Roaming\mozilla\Firefox\Profiles\dspmrl1w.default\extensions\toolbar@ask.com [2012.08.08 18:05:02 | 000,000,853 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\11-suche.xml [2012.08.31 04:25:19 | 000,002,413 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\askcom.xml [2012.08.08 18:05:03 | 000,002,209 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\englische-ergebnisse.xml [2012.08.08 18:05:02 | 000,010,506 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\gmx-suche.xml [2012.08.08 18:05:02 | 000,002,368 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\lastminute.xml [2012.08.08 18:05:02 | 000,005,489 | ---- | M] () -- C:\Users\duke\AppData\Roaming\Mozilla\Firefox\Profiles\dspmrl1w.default\searchplugins\webde-suche.xml [2012.08.18 14:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.16 10:25:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.08.18 14:00:42 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2012.07.16 10:25:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.08.18 14:00:42 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM [2012.08.07 06:27:57 | 000,503,717 | ---- | M] () (No name found) -- C:\USERS\DUKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSPMRL1W.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2012.07.30 18:40:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.19 02:16:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.11 13:19:56 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.19 02:16:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.19 02:16:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.19 02:16:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 02:16:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 02:16:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B6B17D-772C-4396-8250-663F5B28DCA9}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37DE948B-D5A5-4A9D-9412-A8D58DB5F9DA}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D8D2926-5E76-4A66-AFBA-9735DD69B77D}: DhcpNameServer = 10.19.40.1 O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27 - HKLM IFEO\openvpntray.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9f94b006-615d-11e1-a55d-ec9a7446cc40}\Shell - "" = AutoRun O33 - MountPoints2\{9f94b006-615d-11e1-a55d-ec9a7446cc40}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{9f94b00b-615d-11e1-a55d-ec9a7446cc40}\Shell - "" = AutoRun O33 - MountPoints2\{9f94b00b-615d-11e1-a55d-ec9a7446cc40}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.31 12:54:56 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\duke\Desktop\OTL.exe [2012.08.31 06:30:05 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\AskToolbar [2012.08.30 20:00:56 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Hewlett-Packard_Company [2012.08.27 22:41:47 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Diagnostics [2012.08.27 13:41:19 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Roaming\Apple Computer [2012.08.26 01:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.08.26 01:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.08.26 01:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.08.26 01:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.08.26 01:12:02 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Apple [2012.08.26 01:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.08.26 01:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.08.21 13:38:13 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Hewlett-Packard [2012.08.19 15:48:46 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\CrashDumps [2012.08.18 21:09:50 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Boss Media [2012.08.18 17:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff [2012.08.18 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Adobe [2012.08.18 14:01:42 | 000,000,000 | ---D | C] -- C:\Hotspot Shield [2012.08.18 14:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield [2012.08.18 12:06:07 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Roaming\Malwarebytes [2012.08.18 12:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.18 12:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.18 12:05:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.18 12:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.18 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Macromedia [2012.08.16 04:26:34 | 000,000,000 | ---D | C] -- C:\7eeab87973784002bfd5583c10b74d [2012.08.11 00:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.11 00:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.08.01 20:13:42 | 000,035,560 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys ========== Files - Modified Within 30 Days ========== [2012.08.31 12:55:03 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\duke\Desktop\OTL.exe [2012.08.31 12:52:26 | 000,000,000 | ---- | M] () -- C:\Users\duke\defogger_reenable [2012.08.31 12:48:16 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.31 12:45:14 | 000,050,477 | ---- | M] () -- C:\Users\duke\Desktop\Defogger.exe [2012.08.31 12:16:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.31 01:46:52 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.31 01:46:52 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.31 01:38:22 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.31 01:37:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.31 01:37:51 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys [2012.08.30 23:48:10 | 000,658,478 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.30 23:48:10 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.30 23:48:10 | 000,130,950 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.30 23:48:10 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.29 01:54:13 | 000,024,213 | ---- | M] () -- C:\Users\duke\AppData\Roaming\UserTile.png [2012.08.28 07:47:55 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.08.26 01:22:30 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.08.18 14:34:33 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.08.18 12:05:25 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.17 10:31:19 | 000,267,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.14 15:45:27 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForduke.job [2012.08.01 20:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys ========== Files Created - No Company Name ========== [2012.08.31 12:52:26 | 000,000,000 | ---- | C] () -- C:\Users\duke\defogger_reenable [2012.08.31 12:45:09 | 000,050,477 | ---- | C] () -- C:\Users\duke\Desktop\Defogger.exe [2012.08.29 01:54:13 | 000,024,213 | ---- | C] () -- C:\Users\duke\AppData\Roaming\UserTile.png [2012.08.26 01:22:30 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.08.26 01:11:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.08.18 12:05:25 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.10 20:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011.07.16 07:07:09 | 000,658,478 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.07.16 07:07:09 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.07.16 07:07:09 | 000,130,950 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.07.16 07:07:09 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.03.03 22:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011.03.01 16:37:52 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin ========== LOP Check ========== [2012.03.06 22:51:41 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\1&1 Mail & Media GmbH [2012.03.06 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\AVG [2012.03.26 21:45:39 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\mquadr.at [2012.07.11 03:17:19 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\SoftGrid Client [2012.02.13 22:47:08 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\Synaptics [2012.07.10 16:32:25 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\TP [2012.05.05 19:00:03 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\TuneUp Software [2012.03.05 03:23:22 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\Windows Live Writer [2012.07.04 15:24:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > dann der Extra text:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.08.2012 12:58:53 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\duke\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1011,87 Mb Total Physical Memory | 281,47 Mb Available Physical Memory | 27,82% Memory free 2,00 Gb Paging File | 0,50 Gb Available in Paging File | 25,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,61 Gb Total Space | 163,19 Gb Free Space | 75,69% Space Free | Partition Type: NTFS Drive D: | 13,11 Gb Total Space | 1,45 Gb Free Space | 11,05% Space Free | Partition Type: NTFS Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,82% Space Free | Partition Type: FAT32 Computer Name: DUKE-HP | User Name: duke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1FD78B8A-324E-43FA-9296-B07DA5D951E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{23CE1920-F7D8-4FF1-8F53-3613F148F231}" = lport=138 | protocol=17 | dir=in | app=system | "{381027C2-3483-4460-AFFF-C1662900F5A3}" = lport=445 | protocol=6 | dir=in | app=system | "{4C57312D-2518-4098-86D5-BA42EC03EAD0}" = rport=138 | protocol=17 | dir=out | app=system | "{75CA2962-2FA9-482D-9983-2530C27E2BD9}" = rport=139 | protocol=6 | dir=out | app=system | "{8A0B4514-6669-4F27-A031-1A6B3D33B193}" = rport=445 | protocol=6 | dir=out | app=system | "{90605367-9F1C-407D-A255-1C38C2EC190D}" = lport=139 | protocol=6 | dir=in | app=system | "{9738C148-00B4-4C71-ADE9-C8191D1C13AB}" = rport=137 | protocol=17 | dir=out | app=system | "{C3A867C2-F7FE-4113-9850-AC50AA8E8784}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CF2D246B-4D1C-4876-AB41-0C681EE75C44}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC3A1D18-BC0A-47E8-B5C9-7EFF9C3C43FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EF8E3C97-19DC-4B04-A882-78E664EA60A0}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{46621B37-AC30-4970-B0C7-37DC442A6C86}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6420D133-9F75-4A80-8516-FA4F829E8875}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{683022F9-DD29-49B1-AE39-6E1838DDE778}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{80791FAF-471E-4950-9229-71262BB2333A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C2B0EB1F-5717-49E9-8B3D-C55444B80FEF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{FF63FCE7-98BD-415B-8140-BD34526EBDC3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33 "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3598D33E-AF4E-4423-ABDD-9EA32D03D3DC}" = ArcSoft TotalMedia "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6C4FBAF4-60A3-4BD2-BBA0-AAA3A4A6625E}" = HP Software Framework "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI "{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs "{ADE91712-EDDE-4262-9EC2-691BAADA55D1}" = HP QuickWeb "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CD63F5EF-A0DC-4E5E-8200-E5703531D649}" = HP Camera "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D4736E41-9A74-4000-BF3E-401812E5B395}" = HP Documentation "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar FF" = GMX MailCheck für Mozilla Firefox "1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "aonUpdate" = aonUpdate "ArcSoft TotalMedia" = ArcSoft TotalMedia "Avira AntiVir Desktop" = Avira Free Antivirus "HDMI" = Intel(R) Graphics Media Accelerator Driver "Highspeed-Internet-Installation" = Highspeed-Internet-Installation "HotspotShield" = Hotspot Shield 2.67 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2012" = TuneUp Utilities 2012 "WildTangent hp Master Uninstall" = HP Games "Win2day Poker" = Win2day Poker "WT087330" = Bounce Symphony "WT087361" = FATE "WT087374" = Jewel Quest - Heritage "WT087385" = JoJo's Fashion Show "WT087393" = Mah Jong Medley "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087408" = Skip-Bo - Castaway Caper "WT087409" = Tradewinds Legends "WT087467" = Dream Chronicles "WT087480" = Insaniquarium Deluxe "WT087490" = Jewel Quest Solitaire "WT087495" = Mahjongg Artifacts "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087536" = Diner Dash 2 Restaurant Rescue "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089453" = Bejeweled 2 Deluxe "WT089454" = Chuzzle Deluxe "WT089455" = Zuma Deluxe "WT089458" = Plants vs. Zombies - Game of the Year "WT089484" = Namco All-Stars PAC-MAN "WT089493" = Fishdom ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.08.2012 09:48:42 | Computer Name = duke-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe, Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll, Version: 11.3.300.271, Zeitstempel: 0x502701bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x0066e60f ID des fehlerhaften Prozesses: 0xf40 Startzeit der fehlerhaften Anwendung: 0x01cd7e10e065cadf Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll Berichtskennung: 95ed4dae-ea04-11e1-a28b-ec9a7446cc40 Error - 19.08.2012 10:02:29 | Computer Name = duke-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe, Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll, Version: 11.3.300.271, Zeitstempel: 0x502701bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x003159e3 ID des fehlerhaften Prozesses: 0x156c Startzeit der fehlerhaften Anwendung: 0x01cd7e12155d59b5 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll Berichtskennung: 82dac5a4-ea06-11e1-a28b-ec9a7446cc40 Error - 19.08.2012 19:07:33 | Computer Name = duke-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: openvpnas.exe, Version: 0.0.0.0, Zeitstempel: 0x501b2507 Name des fehlerhaften Moduls: openvpnas.exe, Version: 0.0.0.0, Zeitstempel: 0x501b2507 Ausnahmecode: 0x40000015 Fehleroffset: 0x0004961e ID des fehlerhaften Prozesses: 0x1684 Startzeit der fehlerhaften Anwendung: 0x01cd7e0e70823b5a Pfad der fehlerhaften Anwendung: C:\Program Files\Hotspot Shield\bin\openvpnas.exe Pfad des fehlerhaften Moduls: C:\Program Files\Hotspot Shield\bin\openvpnas.exe Berichtskennung: a82108ca-ea52-11e1-a28b-ec9a7446cc40 Error - 19.08.2012 20:50:52 | Computer Name = duke-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: STacSV.exe, Version: 1.0.6351.0, Zeitstempel: 0x4e0d34f6 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc000000d Fehleroffset: 0x00097c41 ID des fehlerhaften Prozesses: 0x3f0 Startzeit der fehlerhaften Anwendung: 0x01cd7d979a029ce0 Pfad der fehlerhaften Anwendung: C:\Program Files\IDT\WDM\STacSV.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 16ee8b8e-ea61-11e1-a28b-ec9a7446cc40 Error - 20.08.2012 06:48:47 | Computer Name = duke-HP | Source = WinMgmt | ID = 10 Description = Error - 20.08.2012 09:50:58 | Computer Name = duke-HP | Source = hshld | ID = 10103 Description = Error - 20.08.2012 12:44:46 | Computer Name = duke-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe, Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll, Version: 11.3.300.271, Zeitstempel: 0x502701bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x0049110b ID des fehlerhaften Prozesses: 0x1748 Startzeit der fehlerhaften Anwendung: 0x01cd7ef2f4a5e014 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll Berichtskennung: 5901461d-eae6-11e1-91e5-ec9a7446cc40 Error - 21.08.2012 05:52:07 | Computer Name = duke-HP | Source = WinMgmt | ID = 10 Description = Error - 21.08.2012 12:31:39 | Computer Name = duke-HP | Source = WinMgmt | ID = 10 Description = Error - 22.08.2012 03:28:43 | Computer Name = duke-HP | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 11.07.2012 12:10:31 | Computer Name = duke-HP | Source = HPSFMsgr.exe | ID = 4000 Description = Error - 11.07.2012 14:22:13 | Computer Name = duke-HP | Source = HPSFMsgr.exe | ID = 4000 Description = Error - 12.07.2012 09:35:22 | Computer Name = duke-HP | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HPSFConfigReader.ConfigHelper.loadXML() bei HPSFConfigReader.ConfigHelper..ctor() bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean isOnAppLoad) Message: Eine Ausnahme vom Typ "System.Exception" wurde ausgelöst. StackTrace: bei HPSFConfigReader.ConfigHelper.loadXML() bei HPSFConfigReader.ConfigHelper..ctor() bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void loadXML() Error - 12.07.2012 09:36:33 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect() Error - 17.07.2012 07:15:12 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() Error - 24.07.2012 07:43:38 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect() Error - 31.07.2012 11:37:28 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() Error - 07.08.2012 09:19:23 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() Error - 08.08.2012 13:15:44 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect() Error - 14.08.2012 07:47:35 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() [ HP Connection Manager Events ] Error - 16.08.2012 19:51:49 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/17 01:51:49.000|000015C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 16.08.2012 19:52:48 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/17 01:52:48.077|000015C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 16.08.2012 19:53:48 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/17 01:53:48.075|000015C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.08.2012 20:57:08 | Computer Name = duke-HP | Source = hpMobile | ID = 5 Description = 2012.08.18 02:57:04.676|0000115C|Error |[HP.Mobile]Wwan::a{void()}| Error - 17.08.2012 21:25:47 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/18 03:25:47.114|00001278|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 18.08.2012 07:17:26 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/18 13:17:26.482|000016C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 18.08.2012 07:17:35 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/18 13:17:35.670|000016C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 18.08.2012 11:24:37 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/18 17:24:37.761|000017C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 18.08.2012 11:24:46 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/18 17:24:46.076|000017C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 18.08.2012 18:54:07 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/19 00:54:07.599|000015C8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ System Events ] Error - 30.06.2012 09:07:54 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 30.06.2012 10:22:52 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error - 30.06.2012 10:23:10 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 30.06.2012 11:40:46 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpqwmiex erreicht. Error - 30.06.2012 11:41:01 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 30.06.2012 12:48:11 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error - 30.06.2012 12:48:28 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 30.06.2012 14:46:05 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 01.07.2012 03:45:52 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 01.07.2012 03:46:33 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > Hoffe das reicht mal fürs erste. Und noch was diese Viren habe ich bei Avira in Quarantäne : EXP/JAVA.Niabil.Gen JAVA/Dldr.Lamar.DC TR/Kazy.80681 TR/Kazy.80681 ADWARE/Yontoo.uela ADWARE/Yontoo.uela Hmmm warum will mir hier denn keiner helfen??? Versteh ich ned ganz ! |
04.09.2012, 22:07 | #2 |
/// Selecta Jahrusso | Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsamDeinstalliere einfach mal Avira. Hier 2 Alternativen. Bitte downloade und Installiere Dir eines der folgenden AVPs. Berichte mal. btw: Die Funde von Malwarebytes sind schnuppe.
__________________ |
04.09.2012, 22:57 | #3 |
| Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam Hallo!
__________________Habe grade die überprüfung mit avast gestartet! Also die Schnellprüfung hat keinen Virus gefunden! Also die Schnellprüfung hat keinen virus gefunden! Also habe auch a vollständige Systemüberprüfung gemacht und die hat auch nichts gefunden allerdings konnte sie nicht alles dursuchen da einige dateien passwortgeschützt sind! Versteh ich ned warum!Habe den Test ja als Admin gemacht! Also habe auch a vollständige Systemüberprüfung gemacht und die hat auch nichts gefunden allerdings konnte sie nicht alles dursuchen da einige dateien passwortgeschützt sind! Versteh ich ned warum!Habe den Test ja als Admin gemacht! |
06.09.2012, 00:01 | #4 |
/// Selecta Jahrusso | Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam Pc immer noch langsam ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
06.09.2012, 22:13 | #5 |
| Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam Pc läuft wieder normal! Habe noch ne frage hatte vor längerer Zeit auch mal den Polizeivirus am Pc ging aber auf einmal weg! Kannst du vielleicht schauen ob da nicht noch Trojaner oder so sind! Mfg |
07.09.2012, 13:02 | #6 |
/// Selecta Jahrusso | Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread.
__________________ --> Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam |
10.09.2012, 14:07 | #7 |
| Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam hier die OTL DateienOTL Logfile: Code:
ATTFilter OTL logfile created on: 10.09.2012 14:48:23 - Run 2 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\everel\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1011,87 Mb Total Physical Memory | 160,77 Mb Available Physical Memory | 15,89% Memory free 1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,61 Gb Total Space | 161,19 Gb Free Space | 74,76% Space Free | Partition Type: NTFS Drive D: | 13,11 Gb Total Space | 1,45 Gb Free Space | 11,05% Space Free | Partition Type: NTFS Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,82% Space Free | Partition Type: FAT32 Computer Name: DUKE-HP | User Name: duke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.10 14:26:42 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\everel\Downloads\OTL.exe PRC - [2012.09.09 15:44:01 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe PRC - [2011.07.16 07:18:35 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.06.30 15:26:56 | 001,138,780 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2011.06.30 15:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.08 10:13:00 | 000,078,904 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP QuickWeb\hpqwutils.exe PRC - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.03.28 17:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe PRC - [2011.03.01 16:44:50 | 000,138,400 | ---- | M] (Atheros) -- C:\Programme\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.03.01 16:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) -- C:\Programme\Bluetooth Suite\AdminService.exe PRC - [2011.02.15 16:48:56 | 002,913,336 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe PRC - [2011.02.15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011.01.27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.11 02:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe PRC - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.09.09 15:43:59 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.13 20:40:21 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll MOD - [2012.06.13 20:16:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll MOD - [2012.06.13 20:15:21 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.13 20:14:40 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.13 20:13:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.13 20:13:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.13 20:13:14 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.05.29 16:47:36 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll MOD - [2012.05.22 21:30:08 | 000,077,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll MOD - [2012.05.22 21:30:07 | 000,092,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll MOD - [2012.05.11 21:26:16 | 001,917,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll MOD - [2012.05.11 21:25:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll MOD - [2012.05.11 21:25:06 | 009,921,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll MOD - [2012.05.11 21:22:05 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012.05.11 21:20:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll MOD - [2012.05.11 21:18:35 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.11 21:18:33 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012.05.11 21:16:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 21:15:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 21:15:10 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll MOD - [2012.05.11 21:15:08 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012.05.11 21:15:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.11 21:11:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.11 21:10:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.11 21:10:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.11 21:09:59 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.11 21:09:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.07.16 07:04:54 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Entity.resources.dll MOD - [2011.07.16 07:04:17 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2011.07.16 07:04:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.20 23:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.06.24 03:21:04 | 000,904,704 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Services (SafeList) ========== SRV - [2012.09.09 15:43:59 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.15 21:19:54 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.01.17 23:22:00 | 000,077,520 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService) SRV - [2012.01.17 23:18:54 | 000,331,608 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011.06.30 15:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2011.03.28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.03.01 16:44:50 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.03.01 16:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2011.02.15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.10.11 02:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.01.05 01:01:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv) DRV - [2012.01.05 01:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2011.06.30 15:26:56 | 000,442,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2011.03.01 16:43:08 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter) DRV - [2011.03.01 16:43:06 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV - [2011.03.01 16:43:06 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP) DRV - [2011.03.01 16:43:06 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV - [2011.03.01 16:43:06 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort) DRV - [2011.03.01 16:43:06 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS) DRV - [2011.03.01 16:43:04 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV - [2011.02.22 13:15:16 | 002,184,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.12.02 02:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.09.19 16:52:42 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.06.03 17:17:14 | 000,131,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp) DRV - [2009.04.27 14:15:04 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/14 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/14 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{026999E1-8FB3-4146-B4F9-DCB8F85514DD}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/14 IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{026999E1-8FB3-4146-B4F9-DCB8F85514DD}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{2703B727-41C8-4B9E-9131-6EEC5A2027DA}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{8A36F4B3-BB54-4119-B211-87DFE2FA4AB2}: "URL" = hxxp://startingpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{8FAE096B-09C6-49E8-9246-8169CAA066F4}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8E66DC14-C668-4B51-AF3C-AE0645F0D78F}&mid=894a3b3d4d5b47d1850b3dd332a225b3-ef9cf92b341352dd1d6e29fc2a3ac1dae92ca3a2&lang=de&ds=tt014&pr=sa&d=2012-02-19 23:23:43&v=8.0.0.34&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{9C553897-466F-4C32-84D0-F5CD2BD0ACAA}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{9F1C130F-7001-493E-9A75-2A22598C8941}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=3ed999d2-8d77-4dab-8d30-5815f724e53f&apn_sauid=705E981D-63A5-4D23-9AEE-63046871AE73 IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{D4537CA7-2594-4EE2-AECD-D883110714B8}: "URL" = hxxp://go.gmx.at/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/14 IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/14 IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{026999E1-8FB3-4146-B4F9-DCB8F85514DD}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{189324C5-A274-4268-9BBC-0A8F8FB46D64}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{2B801DB2-51BF-4E06-87B8-3C1DD63B6E4F}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{2C383474-4FB8-4880-BE69-06C220D0F244}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{5079E31D-F197-4DF8-A598-352B24D983CD}: "URL" = hxxp://go.gmx.at/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{9D009558-FA8A-465D-AAB2-EE52371CDAF9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=3ed999d2-8d77-4dab-8d30-5815f724e53f&apn_sauid=705E981D-63A5-4D23-9AEE-63046871AE73 IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.2 FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10397&locale=de_AT&apn_uid=3ed999d2-8d77-4dab-8d30-5815f724e53f&apn_ptnrs=^ABV&apn_sauid=705E981D-63A5-4D23-9AEE-63046871AE73&apn_dtid=^YYYYYY^YY^AT&&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\duke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\duke\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\duke\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\duke\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.04 23:53:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 15:44:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 15:44:01 | 000,000,000 | ---D | M] [2012.05.03 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\Extensions [2012.09.04 20:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\Firefox\Profiles\dspmrl1w.default\extensions [2012.08.07 06:27:57 | 000,503,717 | ---- | M] () (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\extensions\toolbar@gmx.net.xpi [2012.07.25 15:17:52 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.08 18:05:02 | 000,000,853 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\11-suche.xml [2012.09.01 14:50:03 | 000,002,413 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\askcom.xml [2012.08.08 18:05:03 | 000,002,209 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\englische-ergebnisse.xml [2012.08.08 18:05:02 | 000,010,506 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\gmx-suche.xml [2012.08.08 18:05:02 | 000,002,368 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\lastminute.xml [2012.08.08 18:05:02 | 000,005,489 | ---- | M] () -- C:\Users\duke\AppData\Roaming\mozilla\firefox\profiles\dspmrl1w.default\searchplugins\webde-suche.xml [2012.07.16 10:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.16 10:25:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.04 20:08:07 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2012.07.16 10:25:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.04 20:08:07 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM [2012.09.09 15:44:01 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.19 02:16:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.03 18:10:29 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.09.09 15:43:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.19 02:16:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.19 02:16:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 02:16:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 02:16:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKU\S-1-5-21-3498557078-2271722321-3906987056-1001\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1 O7 - HKU\S-1-5-21-3498557078-2271722321-3906987056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37DE948B-D5A5-4A9D-9412-A8D58DB5F9DA}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27 - HKLM IFEO\openvpntray.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9f94b006-615d-11e1-a55d-ec9a7446cc40}\Shell - "" = AutoRun O33 - MountPoints2\{9f94b006-615d-11e1-a55d-ec9a7446cc40}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{9f94b00b-615d-11e1-a55d-ec9a7446cc40}\Shell - "" = AutoRun O33 - MountPoints2\{9f94b00b-615d-11e1-a55d-ec9a7446cc40}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.09 19:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.09.05 16:24:13 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.09.05 01:37:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.05 01:37:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.05 01:37:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.05 01:37:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.05 01:37:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.05 01:37:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.05 01:37:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.04 23:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.09.04 23:42:01 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.09.04 23:42:01 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.09.04 23:41:59 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2012.09.04 23:41:58 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.09.04 23:41:54 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.09.04 23:41:54 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.09.04 23:41:20 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.09.04 23:41:19 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.09.04 23:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.09.04 23:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.09.04 21:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\win2day Poker [2012.09.04 20:19:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.09.04 19:43:49 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.09.04 04:08:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Hotspot Shield [2012.09.02 17:58:26 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\ElevatedDiagnostics [2012.09.01 00:25:03 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Roaming\VSO [2012.08.27 22:41:47 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Diagnostics [2012.08.27 13:41:19 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Roaming\Apple Computer [2012.08.26 01:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.08.26 01:12:02 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Apple [2012.08.26 01:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.08.19 15:48:46 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\CrashDumps [2012.08.18 17:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff [2012.08.18 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Adobe [2012.08.18 14:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield [2012.08.18 12:06:07 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Roaming\Malwarebytes [2012.08.18 12:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.18 12:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.18 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\Macromedia [2012.08.16 04:35:51 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.16 04:26:34 | 000,000,000 | ---D | C] -- C:\7eeab87973784002bfd5583c10b74d [2012.08.15 23:43:58 | 000,000,000 | ---D | C] -- C:\Users\duke\AppData\Local\AskToolbar ========== Files - Modified Within 30 Days ========== [2012.09.10 14:48:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.10 14:29:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3498557078-2271722321-3906987056-1000UA.job [2012.09.10 14:16:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.10 14:14:14 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 14:14:14 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 14:08:23 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.10 14:06:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.10 14:06:32 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys [2012.09.09 21:59:30 | 000,658,478 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.09 21:59:30 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.09 21:59:30 | 000,130,950 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.09 21:59:30 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.09 18:34:47 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3498557078-2271722321-3906987056-1000Core.job [2012.09.06 10:02:33 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.09.05 16:17:50 | 000,267,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.04 23:53:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.09.04 23:42:02 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.09.04 21:47:26 | 000,001,167 | ---- | M] () -- C:\Users\Public\Desktop\win2day Poker.lnk [2012.09.04 20:34:36 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.31 12:52:26 | 000,000,000 | ---- | M] () -- C:\Users\duke\defogger_reenable [2012.08.29 01:54:13 | 000,024,213 | ---- | M] () -- C:\Users\duke\AppData\Roaming\UserTile.png [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.08.15 21:19:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.15 21:19:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.14 15:45:27 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForduke.job ========== Files Created - No Company Name ========== [2012.09.04 23:42:02 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.09.04 21:47:26 | 000,001,167 | ---- | C] () -- C:\Users\Public\Desktop\win2day Poker.lnk [2012.08.31 15:55:57 | 026,917,317 | ---- | C] () -- C:\Users\duke\Desktop\Saudi Drifft.mp4 [2012.08.31 12:52:26 | 000,000,000 | ---- | C] () -- C:\Users\duke\defogger_reenable [2012.08.29 01:54:13 | 000,024,213 | ---- | C] () -- C:\Users\duke\AppData\Roaming\UserTile.png [2012.04.10 20:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011.07.16 07:07:09 | 000,658,478 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.07.16 07:07:09 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.07.16 07:07:09 | 000,130,950 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.07.16 07:07:09 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.03.03 22:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011.03.01 16:37:52 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin ========== LOP Check ========== [2012.09.01 21:04:36 | 000,000,000 | ---D | M] -- C:\Users\doimbin\AppData\Roaming\Synaptics [2012.09.03 01:24:29 | 000,000,000 | ---D | M] -- C:\Users\doimbin\AppData\Roaming\TuneUp Software [2012.03.06 22:51:41 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\1&1 Mail & Media GmbH [2012.03.06 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\AVG [2012.03.26 21:45:39 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\mquadr.at [2012.07.11 03:17:19 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\SoftGrid Client [2012.02.13 22:47:08 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\Synaptics [2012.07.10 16:32:25 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\TP [2012.05.05 19:00:03 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\TuneUp Software [2012.09.01 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\VSO [2012.03.05 03:23:22 | 000,000,000 | ---D | M] -- C:\Users\duke\AppData\Roaming\Windows Live Writer [2012.09.04 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\everel\AppData\Roaming\Synaptics [2012.09.04 21:18:47 | 000,000,000 | ---D | M] -- C:\Users\everel\AppData\Roaming\TuneUp Software [2012.07.04 15:24:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.09.2012 14:48:23 - Run 2 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\everel\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1011,87 Mb Total Physical Memory | 160,77 Mb Available Physical Memory | 15,89% Memory free 1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,61 Gb Total Space | 161,19 Gb Free Space | 74,76% Space Free | Partition Type: NTFS Drive D: | 13,11 Gb Total Space | 1,45 Gb Free Space | 11,05% Space Free | Partition Type: NTFS Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,82% Space Free | Partition Type: FAT32 Computer Name: DUKE-HP | User Name: duke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3498557078-2271722321-3906987056-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1FD78B8A-324E-43FA-9296-B07DA5D951E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{23CE1920-F7D8-4FF1-8F53-3613F148F231}" = lport=138 | protocol=17 | dir=in | app=system | "{381027C2-3483-4460-AFFF-C1662900F5A3}" = lport=445 | protocol=6 | dir=in | app=system | "{4C57312D-2518-4098-86D5-BA42EC03EAD0}" = rport=138 | protocol=17 | dir=out | app=system | "{75CA2962-2FA9-482D-9983-2530C27E2BD9}" = rport=139 | protocol=6 | dir=out | app=system | "{8A0B4514-6669-4F27-A031-1A6B3D33B193}" = rport=445 | protocol=6 | dir=out | app=system | "{90605367-9F1C-407D-A255-1C38C2EC190D}" = lport=139 | protocol=6 | dir=in | app=system | "{9738C148-00B4-4C71-ADE9-C8191D1C13AB}" = rport=137 | protocol=17 | dir=out | app=system | "{C3A867C2-F7FE-4113-9850-AC50AA8E8784}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CF2D246B-4D1C-4876-AB41-0C681EE75C44}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC3A1D18-BC0A-47E8-B5C9-7EFF9C3C43FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EF8E3C97-19DC-4B04-A882-78E664EA60A0}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{46621B37-AC30-4970-B0C7-37DC442A6C86}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6420D133-9F75-4A80-8516-FA4F829E8875}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{683022F9-DD29-49B1-AE39-6E1838DDE778}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{80791FAF-471E-4950-9229-71262BB2333A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FF63FCE7-98BD-415B-8140-BD34526EBDC3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33 "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3598D33E-AF4E-4423-ABDD-9EA32D03D3DC}" = ArcSoft TotalMedia "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011 "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6C4FBAF4-60A3-4BD2-BBA0-AAA3A4A6625E}" = HP Software Framework "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI "{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs "{ADE91712-EDDE-4262-9EC2-691BAADA55D1}" = HP QuickWeb "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CD63F5EF-A0DC-4E5E-8200-E5703531D649}" = HP Camera "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D4736E41-9A74-4000-BF3E-401812E5B395}" = HP Documentation "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar FF" = GMX MailCheck für Mozilla Firefox "1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "aonUpdate" = aonUpdate "ArcSoft TotalMedia" = ArcSoft TotalMedia "avast" = avast! Free Antivirus "HDMI" = Intel(R) Graphics Media Accelerator Driver "Highspeed-Internet-Installation" = Highspeed-Internet-Installation "HotspotShield" = Hotspot Shield 2.25 "Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2012" = TuneUp Utilities 2012 "WildTangent hp Master Uninstall" = HP Games "Win2day Poker" = Win2day Poker "win2day Poker " = win2day Poker "WT087330" = Bounce Symphony "WT087361" = FATE "WT087374" = Jewel Quest - Heritage "WT087385" = JoJo's Fashion Show "WT087393" = Mah Jong Medley "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087408" = Skip-Bo - Castaway Caper "WT087409" = Tradewinds Legends "WT087467" = Dream Chronicles "WT087480" = Insaniquarium Deluxe "WT087490" = Jewel Quest Solitaire "WT087495" = Mahjongg Artifacts "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087536" = Diner Dash 2 Restaurant Rescue "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089453" = Bejeweled 2 Deluxe "WT089454" = Chuzzle Deluxe "WT089455" = Zuma Deluxe "WT089458" = Plants vs. Zombies - Game of the Year "WT089484" = Namco All-Stars PAC-MAN "WT089493" = Fishdom ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3498557078-2271722321-3906987056-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.08.2012 20:05:48 | Computer Name = duke-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe, Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll, Version: 11.3.300.271, Zeitstempel: 0x502701bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x003159e3 ID des fehlerhaften Prozesses: 0xd14 Startzeit der fehlerhaften Anwendung: 0x01cd8643293b1587 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll Berichtskennung: 734d8b79-f236-11e1-bf89-ec9a7446cc40 Error - 29.08.2012 20:07:12 | Computer Name = duke-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe, Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll, Version: 11.3.300.271, Zeitstempel: 0x502701bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x0049110b ID des fehlerhaften Prozesses: 0xe50 Startzeit der fehlerhaften Anwendung: 0x01cd86433c73de04 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll Berichtskennung: a5a27f83-f236-11e1-bf89-ec9a7446cc40 Error - 29.08.2012 20:24:40 | Computer Name = duke-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe, Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll, Version: 11.3.300.271, Zeitstempel: 0x502701bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x0049110b ID des fehlerhaften Prozesses: 0x1730 Startzeit der fehlerhaften Anwendung: 0x01cd8643700b41d7 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll Berichtskennung: 16253665-f239-11e1-bf89-ec9a7446cc40 Error - 29.08.2012 23:13:06 | Computer Name = duke-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe, Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll, Version: 11.3.300.271, Zeitstempel: 0x502701bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x000ceb63 ID des fehlerhaften Prozesses: 0x510 Startzeit der fehlerhaften Anwendung: 0x01cd865a6dd7c0df Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll Berichtskennung: 9dcb5af6-f250-11e1-bf89-ec9a7446cc40 Error - 30.08.2012 10:34:10 | Computer Name = duke-HP | Source = WinMgmt | ID = 10 Description = Error - 30.08.2012 19:38:37 | Computer Name = duke-HP | Source = WinMgmt | ID = 10 Description = Error - 31.08.2012 07:40:37 | Computer Name = duke-HP | Source = Application Hang | ID = 1002 Description = Programm mbam.exe, Version 1.62.0.87 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1f58 Startzeit: 01cd87492a3cd6f9 Endzeit: 303 Anwendungspfad: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: aa8f97a2-f360-11e1-a8b1-ec9a7446cc40 Error - 31.08.2012 07:48:45 | Computer Name = duke-HP | Source = WinMgmt | ID = 10 Description = Error - 31.08.2012 12:18:58 | Computer Name = duke-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514, Zeitstempel: 0x4ce792c4 Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4f8f8aa7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x5af7aae9 ID des fehlerhaften Prozesses: 0x8c8 Startzeit der fehlerhaften Anwendung: 0x01cd87945077b860 Pfad der fehlerhaften Anwendung: C:\Windows\system32\MsiExec.exe Pfad des fehlerhaften Moduls: QuickTime.qts Berichtskennung: 90a7d2e5-f387-11e1-85ac-ec9a7446cc40 Error - 31.08.2012 14:48:34 | Computer Name = duke-HP | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 24.07.2012 07:43:38 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect() Error - 31.07.2012 11:37:28 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() Error - 07.08.2012 09:19:23 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() Error - 08.08.2012 13:15:44 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 90 TargetSite: Void UpdateAndDetect() Error - 14.08.2012 07:47:35 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() Error - 21.08.2012 07:40:27 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() Error - 04.09.2012 10:23:06 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() Error - 04.09.2012 11:01:55 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() Error - 04.09.2012 11:08:07 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 70 TargetSite: Void UpdateAndDetect() Error - 04.09.2012 11:14:02 | Computer Name = duke-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 1011 Ram Utilization: 80 TargetSite: Void UpdateAndDetect() [ HP Connection Manager Events ] Error - 14.08.2012 09:42:34 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/14 15:42:34.730|000015F0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 14.08.2012 09:42:36 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/14 15:42:36.930|000015F0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 14.08.2012 15:45:27 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/14 21:45:27.505|00000CAC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 14.08.2012 16:22:20 | Computer Name = duke-HP | Source = hpMobile | ID = 5 Description = 2012.08.14 22:22:19.986|00000DC8|Error |[HP.Mobile]RasHelper::IsConnected{bool(string)}|Called with empty name Error - 15.08.2012 15:43:09 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/15 21:43:09.237|000006D4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15.08.2012 15:43:25 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/15 21:43:25.187|000006D4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15.08.2012 15:43:26 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/15 21:43:26.123|000006D4|Error |CWLAN::StateChanged|Fire_StateChanged failed [hr:0x800706BA] Error - 15.08.2012 22:01:45 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/16 04:01:45.256|00000A84|Error |CWLAN::StateChanged|Fire_StateChanged failed [hr:0x800706BA] Error - 15.08.2012 23:07:10 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/16 05:07:10.994|000013E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15.08.2012 23:07:11 | Computer Name = duke-HP | Source = hpCMSrv | ID = 5 Description = 2012/08/16 05:07:11.821|000013E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ System Events ] Error - 30.06.2012 09:07:54 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 30.06.2012 10:22:52 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error - 30.06.2012 10:23:10 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 30.06.2012 11:40:46 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpqwmiex erreicht. Error - 30.06.2012 11:41:01 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 30.06.2012 12:48:11 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error - 30.06.2012 12:48:28 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 30.06.2012 14:46:05 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 01.07.2012 03:45:52 | Computer Name = duke-HP | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 01.07.2012 03:46:33 | Computer Name = duke-HP | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > Und alles ok? |
10.09.2012, 21:09 | #8 |
/// Selecta Jahrusso | Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam Ich sehe das Du sogenannte Registry Cleaner am System hast. In deinem Fall TuneUP. Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
Zerstörst Du die Registry, zerstörst Du Windows. Ich empfehle Dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
17.09.2012, 13:34 | #9 |
/// Selecta Jahrusso | Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
07.10.2012, 16:36 | #10 |
/// Selecta Jahrusso | Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
27.10.2012, 15:39 | #11 |
/// Selecta Jahrusso | Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
Themen zu Probleme fingen mit Avira update an!Konnte asktoolbar nicht entfernen!Pc langsam |
antivir, asktoolbar, avg secure search, avira, avira searchfree toolbar, bho, bingbar, cid, diner dash, dringend, entfernen, error, failed, firefox, flash player, format, helper, hotspot, index, install.exe, installation, langsam, launch, logfile, mozilla, ntdll.dll, object, origin, plug-in, pup.bundleoffers.iiq, realtek, registry, rundll, secure search, security, sehr langsam, software, svchost.exe, usb 2.0, vtoolbarupdater, warum, wildtangent games, windows, yontoo |