Log analysis and evaluation: Several trojans removed - is my computer clean now? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.09.2012, 19:09 | #1 |
Several trojans removed - is my computer clean now?

Hello forum!

I had the following two pieces of malware on my computer:
- Variant of Java/Exploit.CVE-2011-3544.BQ trojan
- JS/Kryptik.VK trojan

Now my computer is still running rather slowly, and I am unsure whether I have caught something more. It would be great if someone could take a look at my logs:

PC data sheet:
Betriebsystemname Microsoft Windows 7 Home Premium
Version 6.1.7600 Build 7600
Weitere Betriebsystembeschreibung Nicht verfügbar
Betriebsystemhersteller Microsoft Corporation
Systemname ****BOOK
Systemhersteller Hewlett-Packard
Systemmodell HP ProBook 4720s
Systemtyp x64-basierter PC
Prozessor Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz, 2534 MHz, 2 Kern(e), 4 logische(r) Prozessor(en)
BIOS-Version/-Datum Hewlett-Packard 68AZZ Ver. F.20, 08.09.2011
SMBIOS-Version 2.6
Windows-Verzeichnis C:\windows
Systemverzeichnis C:\windows\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.1.7600.16416"
Benutzername MatsBook\Mats
Zeitzone Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM) 4,00 GB
Gesamter realer Speicher 3,86 GB
Verfügbarer realer Speicher 1,85 GB
Gesamter virtueller Speicher 7,72 GB
Verfügbarer virtueller Speicher 5,16 GB
Größe der Auslagerungsdatei 3,86 GB
Auslagerungsdatei C:\pagefile.sys
---------------------------------------------------------------
OTL logfile:
Code:
OTL Extras logfile created on: 9/23/2012 7:53:57 PM - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.86 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 55.47% Memory free
7.72 Gb Paging File | 5.38 Gb Available in Paging File | 69.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.47 Gb Total Space | 208.87 Gb Free Space | 46.57% Space Free | Partition Type: NTFS
Drive D: | 5.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.52% Space Free | Partition Type: FAT32
Computer Name: ****BOOK | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C492F9-69AE-4359-93EF-773B12655181}" = lport=137 | protocol=17 | dir=in | app=system | "{089F003B-FC26-414C-8097-5DA9F767F114}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1234B874-730A-464F-B3BA-E604AED6858C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{15716A04-929C-4853-BBC4-0207F5271AF4}" = lport=445 | protocol=6 | dir=in | app=system | "{245E8812-C7CF-42B6-B415-88919DFB1B2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{35AAE7DF-4A73-456A-AC38-793FDA552D04}" = rport=138 | protocol=17 | dir=out | app=system | "{35CB1CA5-A13D-4CC0-A428-54529690292A}" = rport=137 | protocol=17 | dir=out | app=system | "{3E9AD0E4-F572-43FA-912E-11B5DB112E73}" = lport=138 | protocol=17 | dir=in | app=system | "{4234010D-6CB1-4F75-ADF9-21BB3D9F7F5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{44CA7A59-3550-4C3F-BB24-C25C304107AE}" = rport=139 | protocol=6 | dir=out | app=system | "{5689F5FC-6ED5-497F-9767-7C8BFB0A9202}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{618B25F7-5A21-4699-822A-F7F9D5368C1A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{6CDB9DCD-A335-454A-9141-9AF0DBC2D9B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{71979DB2-143F-4B64-9FB5-6BABC8843149}" = lport=2869 | protocol=6 | dir=in | app=system | "{88764504-987D-4DBC-A15D-91D294AB54CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{89114CE1-89C9-4D40-A055-3BC370AB0E2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A10B3AB1-39C6-4946-BE0A-ACC606064477}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B23F079F-4113-40E1-8D62-26DDB2A08D2E}" = rport=10243 | protocol=6 | dir=out | app=system | "{B4F9E6EB-0DA7-4B6F-A3D3-1BA7B06327D5}" = lport=139 | protocol=6 | dir=in | app=system | "{C1B12EC5-D363-4590-B8BB-A24160FADD03}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CD15EAF0-683F-47AB-A4AF-B6CAA6C0E3DC}" = lport=10243 | protocol=6 | dir=in | app=system | "{D0D9948E-2324-4298-8081-662BE3D93B62}" = rport=445 | protocol=6 | dir=out | app=system | "{E191B355-8B34-4BE3-9D16-C655F872EC07}" = rport=2177 | protocol=17 | 
dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E343B0E5-D780-4F0C-90AA-53C8406B2740}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0ACAFA9D-6626-40AF-A9F3-EC55B50C6251}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{10F591CA-6AA4-4F32-95DC-ACBDAEC0473D}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{18DD5A5A-48A1-4C57-9D13-2175F875B10A}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | "{1BE9630A-0DF4-43AB-82BE-7617C7D8FB8B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2301A6BD-5DC5-444D-AB08-D6FBE2675D94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{26C1B0C2-56A9-4C2E-9386-CF74C52644C8}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{2C8F6A8F-1987-4C75-86B0-24C0D477AC99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3538E7F7-7220-4247-866D-1133448C9467}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{35A6A1A0-E7D3-4511-9F2D-DEF49435F1C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3B3C74E3-B80D-4D9B-BC9F-94F2B36F6EB3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3C95576E-AB3A-4521-AD14-3AECF952690C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{473E50A2-6BE6-4B96-BF8E-B328B664A31D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4F0ABED1-242D-422B-ACD1-9AC485345677}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{4FE5F780-6AC9-41CC-92DB-2343EBAFB25E}" = 
protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5820E33D-A35C-42D8-8833-49F7DC04711B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5B05BDCF-879A-4096-A8B5-1EC259986CDE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{5B8F6BAC-0F14-4C1E-A46F-6724684CE7D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{60EC38C2-BFF8-42D6-A83C-E90757C7B4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{6B7925E3-056F-40E2-BC74-4B6EE2865A72}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6F5E1055-D368-498F-BD35-E1E0450879B9}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | "{88190115-3E7F-493D-9637-68FC58B445BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9BD18D9F-C733-4FE5-98C8-E2CA31A52E0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A51461D1-3A55-4123-B745-13BE3259C487}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AB3086F9-2820-4954-B495-059C7D78F875}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{AC3B9DE0-7C4F-4D3F-9A89-2AEA9AFCB688}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | "{B065A108-0CF2-45D4-9176-97DBA20FDDA2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B0CCD63A-CF25-4948-818A-FF685E755E09}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{B6F4615A-A8DC-4791-8E32-C42110D0BDC1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C86471DB-C066-41A4-98F0-989C2CA3FE32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D208CEAF-B2B3-4AD5-B82C-C12F7B48F8BF}" = 
protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D43AF34F-9F92-4B1A-97E7-FDCF94868C76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E689DBBA-863B-4A64-AE54-71B943DA3BE2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EA1EC3FF-4053-4AF0-B09C-E3CC55D976F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EAB5E949-F714-4C5A-9F9F-BB7A88FE4A4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EC0179C3-ED08-4BDF-8D20-ACCF26941951}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{ECAA77E1-C397-425C-8EA8-AABA39F20515}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | "{F28AB1D4-6B3F-4236-9F06-81EC46416DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{FB3A7009-6DE5-4834-AC62-7D2FC953B7A2}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | "{FF6B5B8F-E211-4051-90A2-B229E560D412}" = protocol=6 | dir=out | app=system | "TCP Query User{86F7C087-65E5-441D-BC34-B7E4774D632B}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{BE054855-F524-4484-88C4-800826E3E380}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{C9F8BD4B-81C0-4C02-AF3E-DDC50CBF09EF}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | "TCP Query User{F81BD059-2B72-462E-9D24-F96CF118BE82}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{1326729F-E2F1-4F17-B138-297612701DE1}C:\program files (x86)\java\jre6\bin\java.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{9DD1BE1A-CB87-4AA4-8E22-35D6CC76950A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{CD19530A-EDCF-45FE-9ECB-88E97E257B09}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{CFBBD9E5-6B7E-41F3-A5A4-2B40E1ED8CE8}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support "{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}" = Privacy Manager for HP ProtectTools "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1EB84327-5469-B591-F59C-E91372063F0D}" = ccc-utility64 "{32C278B2-BC1F-4018-8FB4-2012A40D9FC1}" = HP Power Assistant "{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools "{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{516DA517-73A0-40F8-8CD9-E5ED4EC383E5}" = Validity Fingerprint Driver "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools "{61A177CE-86A3-433F-BFE2-41AB9123A268}" = ESET NOD32 Antivirus "{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.17 "{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools "{89E65E64-68E2-32A4-09E1-2606E2BEC841}" = AMD Media Foundation Decoders "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A78F11F2-A478-4BF8-A29A-63746D8A97C9}" = HP ProtectTools Security Manager "{B39F601A-E865-7C74-48C6-821AD1312D33}" = ATI Catalyst Install Manager "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft 
Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook "{E793990C-90BE-4B69-AC29-BF5E8FD4ED54}" = Face Recognition for HP ProtectTools "{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant "{F2177395-FD90-44B0-AFB8-2E0566855E5C}" = HP Power Data "CCleaner" = CCleaner "HPProtectTools" = HP ProtectTools Security Manager "Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1 "Motorola Bluetooth_is1" = Motorola Bluetooth "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding "{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe "{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup "{21385719-E020-4ED8-A3D4-6B46D0E5DAB1}" = ArcSoft TotalMedia "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component 
for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager "{31EF4C77-4A10-9422-4F73-DA2F56F72A11}" = CCC Help English "{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "{3CAD25F8-F8AF-66C3-0183-C0D195152268}" = Catalyst Control Center Graphics Previews Common "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater "{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7861911B-4270-498A-8F7A-FCF0570F487D}" = HP QuickWeb "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4 
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{885EACE2-F2B6-BC1F-E4DC-D80154650B8D}" = Catalyst Control Center Localization All "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3059B3-B804-42BB-909B-25864C7D33E3}" = HP Documentation "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B6D58F80-C8BE-5E7F-8F1C-1AEB4A5EACE6}" = Catalyst Control Center InstallProxy "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{D5CAF1CF-21CD-DAE4-72E2-3EDA756175BD}" = Catalyst Control Center "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7 "{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework "{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = 
Die Sims™ 3 Gib Gas-Accessoires "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ArcSoft TotalMedia" = ArcSoft TotalMedia "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "Drive Encryption" = Drive Encryption for HP ProtectTools "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "EADM" = EA Download Manager "facemoods" = Facemoods Toolbar "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.17.903 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "Gamestudio A8" = Gamestudio A8 "Google Chrome" = Google Chrome "HyperCam 3" = HyperCam 3 "iLivid" = iLivid "ImgBurn" = ImgBurn "InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "JDownloader" = JDownloader "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PhotoScape" = PhotoScape "Searchqu Toolbar" = Searchqu Toolbar "Veetle TV" = Veetle TV "VLC media player" = VLC media player 1.1.5 "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/15/2012 1:30:34 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 5/15/2012 1:30:39 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 5/15/2012 1:30:44 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 5/15/2012 1:30:49 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 5/15/2012 1:30:54 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 5/15/2012 1:30:54 PM | Computer Name = ****Book | Source = MsiInstaller | ID = 10005
Description =

Error - 5/15/2012 1:30:54 PM | Computer Name = ****Book | Source = MsiInstaller | ID = 1013
Description =

Error - 5/15/2012 1:30:54 PM | Computer Name = ****Book | Source = MsiInstaller | ID = 11920
Description =

Error - 5/17/2012 4:06:01 PM | Computer Name = ****Book | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1704 Startzeit: 01cd34685a8afc74 Endzeit: 8 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:

Error - 5/22/2012 12:41:19 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifest" in Zeile 3. Der Wert "1, 2, 0, 17" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 5/24/2012 4:26:37 PM | Computer Name = ****Book | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

[ Hewlett-Packard Events ]
Error - 5/5/2011 4:00:29 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. HP.ActiveSupportLibrary
   bei HP.ActiveSupportLibrary.Issues.HPSFSession.?()

Error - 5/19/2011 5:48:47 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. HP.ActiveSupportLibrary
   bei HP.ActiveSupportLibrary.Issues.HPSFSession.?()

Error - 6/23/2011 4:25:58 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. HP.ActiveSupportLibrary
   bei HP.ActiveSupportLibrary.Issues.HPSFSession.?()

Error - 9/8/2011 3:41:38 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091108094136.xml File not created by asset agent

Error - 11/10/2011 4:12:54 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111110091251.xml File not created by asset agent

Error - 1/12/2012 6:12:53 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011212111238.xml File not created by asset agent

Error - 1/26/2012 5:20:27 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011226102025.xml File not created by asset agent

Error - 3/8/2012 5:43:56 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031208104353.xml File not created by asset agent

Error - 4/26/2012 5:55:46 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041226115544.xml File not created by asset agent

Error - 5/17/2012 4:14:05 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051217101402.xml File not created by asset agent

[ HP Power Assistant Events ]
Error - 8/10/2012 5:07:43 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = GetBatteryLifeCost returns infinite or NaN. currentConsumption = 0 hl.Battery.Capacity = 18965 currentLifespan = +unendlich active = True idleDraw = 214,487045697684
   bei System.Environment.get_StackTrace()
   bei HPPA_Main.PACustomControls.Pages.SettingsPage.GetBatteryLifeCost(Double idleDraw, Boolean active)
   bei HPPA_Main.PACustomControls.Pages.SettingsPage.updatePowerSchemePredictions()
   bei HPPA_Main.PACustomControls.Pages.SettingsPage.estimatesUpdateTimer_Tick(Object sender, EventArgs e)
   bei System.Windows.Forms.Timer.OnTick(EventArgs e)
   bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
   bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
   bei System.Windows.Threading.Dispatcher.TranslateAndDispatchMessage(MSG& msg)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(DispatcherFrame frame)
   bei System.Windows.Application.RunInternal(Window window)
   bei HPPA_Main.Startup.Main(String[] args)

Error - 8/10/2012 5:07:43 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = GetBatteryLifeCost returns infinite or NaN. currentConsumption = 0 hl.Battery.Capacity = 18965 currentLifespan = +unendlich active = True idleDraw = 0
   bei System.Environment.get_StackTrace()
   bei HPPA_Main.PACustomControls.Pages.SettingsPage.GetBatteryLifeCost(Double idleDraw, Boolean active)
   bei HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateAdditionalConsumption()
   bei HPPA_Main.PACustomControls.Pages.SettingsPage.estimatesUpdateTimer_Tick(Object sender, EventArgs e)
   bei System.Windows.Forms.Timer.OnTick(EventArgs e)
   bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
   bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
   bei System.Windows.Threading.Dispatcher.TranslateAndDispatchMessage(MSG& msg)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(DispatcherFrame frame)
   bei System.Windows.Application.RunInternal(Window window)
   bei HPPA_Main.Startup.Main(String[] args)

Error - 8/10/2012 5:07:43 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = System.OverflowException Das Negieren des minimalen Wertes einer Ergänzungszahl ist unzulässig.
   bei System.Math.Abs(Int32 value)
   bei HPPA_Main.PACustomControls.DSList.AdditionalConsumption.set_TimeImpact(Nullable`1 value)

Error - 8/18/2012 1:25:17 PM | Computer Name = ****Book | Source = HP PA Service | ID = 0
Description = System.InvalidOperationException Fehler im XML-Dokument.
   bei System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
   bei System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader)
   bei HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput& pmcData)
   bei HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 8/18/2012 1:25:18 PM | Computer Name = ****Book | Source = HP PA Service | ID = 0
Description = System.FormatException Die Zeichenfolge '2025-25-25T25:25:25' kein gültiger AllXsd-Wert.
   bei System.Xml.Schema.XsdDateTime..ctor(String text, XsdDateTimeFlags kinds)
   bei System.Xml.XmlConvert.ToDateTime(String s, XmlDateTimeSerializationMode dateTimeOption)
   bei System.Xml.Serialization.XmlSerializationReader.ToDateTime(String value)
   bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read96_GetPMCDataOutputOutputData(Boolean isNullable, Boolean checkType)
   bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read97_GetPMCDataOutputOutput(Boolean isNullable, Boolean checkType)
   bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read98_GetPMCDataOutput(Boolean isNullable, Boolean checkType)
   bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read227_GetPMCDataOutput()

Error - 9/9/2012 4:01:23 PM | Computer Name = ****Book | Source = HP PA Service | ID = 0
Description = System.InvalidOperationException Fehler im XML-Dokument.
   bei System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
   bei System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader)
   bei HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput& pmcData)
   bei HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 9/9/2012 4:01:23 PM | Computer Name = ****Book | Source = HP PA Service | ID = 0
Description = System.FormatException Die Zeichenfolge '2000-00-00T00:00:00' kein gültiger AllXsd-Wert.
   bei System.Xml.Schema.XsdDateTime..ctor(String text, XsdDateTimeFlags kinds)
   bei System.Xml.XmlConvert.ToDateTime(String s, XmlDateTimeSerializationMode dateTimeOption)
   bei System.Xml.Serialization.XmlSerializationReader.ToDateTime(String value)
   bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read96_GetPMCDataOutputOutputData(Boolean isNullable, Boolean checkType)
   bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read97_GetPMCDataOutputOutput(Boolean isNullable, Boolean checkType)
   bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read98_GetPMCDataOutput(Boolean isNullable, Boolean checkType)
   bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read227_GetPMCDataOutput()

Error - 9/20/2012 4:34:18 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = System.ArgumentException UpdateBatteryPredictions() bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode Level value needs to be an integer between 0 and 100, got 101
   bei HPPA_Main.Battery.Battery.set_Level(Int32 value)
   bei HPPA_Main.ACDCControl.DCMode(Int32 timeInSeconds, Int32 levelInPercentage1, Nullable`1 levelInPercentage2)
   bei HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateBatteryPredictions()

Error - 9/20/2012 4:35:18 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = System.ArgumentException UpdateBatteryPredictions() bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode Level value needs to be an integer between 0 and 100, got 101
   bei HPPA_Main.Battery.Battery.set_Level(Int32 value)
   bei HPPA_Main.ACDCControl.DCMode(Int32 timeInSeconds, Int32 levelInPercentage1, Nullable`1 levelInPercentage2)
   bei HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateBatteryPredictions()

Error - 9/20/2012 4:35:35 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = System.ArgumentException UpdateBatteryPredictions() bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode Level value needs to be an integer between 0 and 100, got 101
   bei HPPA_Main.Battery.Battery.set_Level(Int32 value)
   bei HPPA_Main.ACDCControl.DCMode(Int32 timeInSeconds, Int32 levelInPercentage1, Nullable`1 levelInPercentage2)
   bei HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateBatteryPredictions()

[ HP Wireless Assistant Events ]
Error - 9/18/2010 10:54:02 AM | Computer Name = MCEL7K9U7E256 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597
   at HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList)
   at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 9/18/2010 10:54:02 AM | Computer Name = MCEL7K9U7E256 | Source = HP WA Service | ID = 0
Description = System.Exception Register() failed : e_GENERAL_EXCEPTION
   at HP_Common.CaslWrapper.Register(EventArrivedEventHandler handler)
   at HPPA_Service.CurrentConfiguration..ctor()

Error - 9/18/2010 10:54:04 AM | Computer Name = MCEL7K9U7E256 | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597
   at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)
   at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

[ System Events ]
Error - 9/23/2012 1:57:11 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%126

Error - 9/23/2012 1:57:41 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%126

Error - 9/23/2012 1:58:11 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%126

Error - 9/23/2012 1:58:41 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%126

Error - 9/23/2012 1:59:11 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%126

Error - 9/23/2012 1:59:41 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%126

Error - 9/23/2012 2:00:11 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%126

Error - 9/23/2012 2:00:41 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%126

Error - 9/23/2012 2:01:11 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%126

Error - 9/23/2012 2:01:41 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%126

< End of report >
-----------------------------------------------------------------
OTL Logfile:
Code:
OTL logfile created on: 9/23/2012 7:53:57 PM - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 55.47% Memory free
7.72 Gb Paging File | 5.38 Gb Available in Paging File | 69.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.47 Gb Total Space | 208.87 Gb Free Space | 46.57% Space Free | Partition Type: NTFS
Drive D: | 5.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.52% Space Free | Partition Type: FAT32

Computer Name: ****BOOK | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe (Synaptics Incorporated)
PRC - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\srvany.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Motorola, Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\854edff8bd00701e10f73fbf59739aed\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b3a8e8ec51ff3287e12eec44706bf6d\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\SysWOW64\SUPSDK.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\SysWOW64\flcdlmsg.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV:64bit: - (DEBridge) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ScrybeUpdater) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe (IDT, Inc.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HPFSService) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (uArcCapture) -- C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (FLCDLOCK) -- c:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Andrea Electronics Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Development Company L.P.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\windows\SysWow64\drivers\StarOpen.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{A4AFB4D5-19BA-4BED-99C1-925B53ED1459}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{A4AFB4D5-19BA-4BED-99C1-925B53ED1459}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{06083AFC-584E-4810-9586-45A1EAAD6A63}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd_ut
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{A4AFB4D5-19BA-4BED-99C1-925B53ED1459}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.6.1
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.2.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.backup.ftp: "212.156.83.14"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "212.156.83.14"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "212.156.83.14"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "212.156.83.14"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "109.228.10.228"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "109.228.10.228"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "109.228.10.228"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "109.228.10.228"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "109.228.10.228"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/03 11:49:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/23 15:35:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 21:24:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/10 22:53:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/23 15:35:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 21:24:05 | 000,000,000 | ---D | M] [2012/08/16 21:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2012/09/20 17:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\7fufi9fy.default\extensions [2012/01/28 19:01:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\7fufi9fy.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012/08/16 21:27:35 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\7fufi9fy.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011/12/14 16:50:28 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\7fufi9fy.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2011/09/24 12:33:15 | 
000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\7fufi9fy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/09/20 17:22:15 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\7fufi9fy.default\searchplugins\icqplugin-1.xml [2011/12/14 16:49:19 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\7fufi9fy.default\searchplugins\icqplugin-2.xml [2011/12/10 22:45:51 | 000,001,052 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\7fufi9fy.default\searchplugins\icqplugin.xml [2012/08/16 21:27:32 | 000,002,519 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\7fufi9fy.default\searchplugins\Search_Results.xml [2012/08/16 21:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/02/24 00:04:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012/09/23 15:35:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/07/28 01:21:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/23 15:35:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/28 01:21:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/11/02 21:31:29 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2012/07/28 01:21:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/08/16 21:27:32 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012/07/28 01:21:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/28 01:21:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.searchnu.com/406 CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=390&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.searchnu.com/406 CHR - plugin: Shockwave Flash (Disabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files 
(x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Facemoods = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\ CHR - Extension: ICQ Sparberater = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.673_0\ O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) 
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll () O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted 
sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39F13F3F-9888-4D50-A54A-79FC01FCB5F7}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59A1C080-536E-4140-A82B-955EFB74AE48}: DhcpNameServer = 127.0.0.1 194.204.159.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/09/16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2011/09/16 06:58:13 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{3d1cf30e-9d98-11e0-a060-70f395e37e0f}\Shell - "" = AutoRun O33 - MountPoints2\{3d1cf30e-9d98-11e0-a060-70f395e37e0f}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{be7b6a23-2325-11e0-94d5-b4206fe3c68a}\Shell - "" = AutoRun O33 - MountPoints2\{be7b6a23-2325-11e0-94d5-b4206fe3c68a}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2011/09/16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/09/23 19:52:59 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012/09/23 19:30:13 | 000,000,000 | ---D | C] -- C:\TuneUpPortable [2012/09/21 18:36:02 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\mp4 [2012/09/20 18:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 
[2012/09/20 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/09/20 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012/09/20 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft ========== Files - Modified Within 30 Days ========== [2012/09/23 19:52:37 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012/09/23 19:51:01 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/09/23 19:50:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/09/23 19:50:13 | 4143,374,336 | -HS- | M] () -- C:\hiberfil.sys [2012/09/23 19:43:01 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/09/23 19:25:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/09/23 15:16:20 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/23 15:16:20 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/22 15:25:18 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/09/22 15:25:18 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/09/21 17:55:15 | 000,002,326 | ---- | M] () -- C:\Users\****\Desktop\Free Video to MP3 Converter.lnk [2012/09/20 18:34:43 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/09/20 17:26:21 | 000,001,304 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012/09/18 00:27:05 | 000,027,300 | ---- | M] () -- C:\Users\****\Desktop\151646210-1.jpg [2012/09/11 23:03:35 | 001,472,002 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/09/11 23:03:35 | 000,643,866 | ---- | M] () -- 
C:\windows\SysNative\perfh007.dat [2012/09/11 23:03:35 | 000,607,190 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/09/11 23:03:35 | 000,126,394 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/09/11 23:03:35 | 000,103,568 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/09/05 00:45:14 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/08/30 14:03:35 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor****.job ========== Files Created - No Company Name ========== [2012/09/21 17:55:15 | 000,002,326 | ---- | C] () -- C:\Users\****\Desktop\Free Video to MP3 Converter.lnk [2012/09/20 18:34:43 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/09/20 17:26:16 | 000,001,304 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012/09/18 00:31:21 | 000,027,300 | ---- | C] () -- C:\Users\****\Desktop\151646210-1.jpg [2012/07/31 23:44:13 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2011/07/30 13:49:22 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\{DD760ACF-586F-4D56-B1C0-82CFD3390628} [2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll [2011/03/10 21:17:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011/03/10 21:14:52 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys [2011/02/24 00:08:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/02/06 16:46:36 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2011/01/18 21:35:22 | 000,077,824 | ---- | C] () -- C:\windows\KMService.exe [2011/01/18 21:35:22 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0E08FC17 < End of report > Edited by noelpy (23.09.2012 at 19:21) |
24.09.2012, 08:20 | #2 |
/// Malwareteam | Multiple trojans removed - is my computer clean now? Please download CKScanner. Important: Save the file to the desktop.
__________________
Please download Malwarebytes
__________________ |
24.09.2012, 10:13 | #3 |
| Multiple trojans removed - is my computer clean now? Thanks for the quick help.
__________________ Here are the logs: ckfiles Code:
ATTFilter CKScanner - Additional Security Risks - These are not necessarily bad c:\download\ooooooooooooooogta\grand_theft_auto_iv_update_v1.0.7.0-razor1911\crack\1911.dll c:\download\ooooooooooooooogta\grand_theft_auto_iv_update_v1.0.7.0-razor1911\crack\launchgtaiv.exe c:\program files\gta multi\bo2\gtasa\gta san andreas\data\decision\craig\crack1.ped c:\program files (x86)\jdownloader\jd\plugins\hoster\crackedcom.class c:\program files (x86)\sixteen tons entertainment\emergency 4\data\basedata\bridge_cracks.dds c:\program files (x86)\sixteen tons entertainment\emergency 4\data\basedata\church02_cracks.dds c:\program files (x86)\sixteen tons entertainment\emergency 4\data\basedata\collapsing01_cracks.dds c:\program files (x86)\sixteen tons entertainment\emergency 4\data\basedata\cracks01.dds c:\program files (x86)\sixteen tons entertainment\emergency 4\data\models\objects\missionspec\snowcracks01_big.v3o c:\program files (x86)\sixteen tons entertainment\emergency 4\data\models\objects\missionspec\snowcracks01_small.v3o c:\program files (x86)\sixteen tons entertainment\emergency 4\data\models\objects\objectchildren\church02_cracks.v3o c:\program files (x86)\sixteen tons entertainment\emergency 4\data\models\openhouses\burningtower\burning_tower01_cracks.dds c:\program files (x86)\sixteen tons entertainment\emergency 4\data\prototypes\objects\missionspec\snowcracks01_big.e4p c:\program files (x86)\sixteen tons entertainment\emergency 4\data\prototypes\objects\missionspec\snowcracks01_small.e4p c:\program files (x86)\sixteen tons entertainment\emergency 4\data\prototypes\objects\objectchildren\church02_cracks.e4p c:\users\****\downloads\winrar3.93_final_x32-x64_-reg-aktiviert\winrar3.93 final x32-x64 -reg-aktiviert\keygen(fff)\fff.nfo c:\users\****\downloads\winrar3.93_final_x32-x64_-reg-aktiviert\winrar3.93 final x32-x64 -reg-aktiviert\keygen(fff)\keygen.exe scanner sequence 3.IH.11.UVNAIX ----- EOF ----- mbam-log-2012-09-24 (11-06-37) Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.24.03 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Mats :: MATSBOOK [Administrator] 24.09.2012 11:06:37 mbam-log-2012-09-24 (11-06-37).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 201386 Laufzeit: 1 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 3092 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart. (Ende) |
24.09.2012, 10:39 | #4 |
/// Malwareteam | Multiple trojans removed - is my computer clean now? Code:
ATTFilter grand_theft_auto_iv_update_v1.0.7.0-razor1911\crack\1911.dll
grand_theft_auto_iv_update_v1.0.7.0-razor1911\crack\launchgtaiv.exe
C:\Windows\KMService.exe
Merely visiting sites that offer these files for download carries a high risk of getting infected. When you start the crack, you are starting an executable file from a very dubious source. The file's source code can contain anything (e.g. downloading and executing malware files). This is one of the main causes of infections. Besides, cracks, keygens, etc. are illegal, and that is just as much theft as in a shop. That is why we have agreed on the following: if we find indications of illegally acquired software, we will end support without any discussion. Therefore our help for you is limited to instructions for reinstalling and securing the system
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only reachable on weekdays! Requests via PM are ignored! Are you satisfied with us? Then support the Trojaner-Board! |