
Pests of all kinds and how to fight them: Laptop crash - Blue Screen -> Malware?

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection.

 
26.04.2013, 10:33   #1
palomino165
 

Laptop crash - Blue Screen -> Malware?



Hello everyone,

after already getting one problem solved in another thread, I now have to ask you for help once again.

My work computer crashes with a blue screen every 2 days.
The cause, I suspect, is viruses or something similar.
I found Snap.do on my machine, and although I tried to install it, it keeps reappearing.
Maybe I overlooked something in the process.

Would you be so kind as to help me check my computer with the right software?
Many thanks.

Here is my OTL log:
Code:
OTL logfile created on: 26.04.2013 11:17:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\oehmenl\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.88 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 30.54% Memory free
7.77 Gb Paging File | 4.56 Gb Available in Paging File | 58.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96.07 Gb Total Space | 10.99 Gb Free Space | 11.44% Space Free | Partition Type: NTFS
Drive G: | 20.88 Gb Total Space | 3.22 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive T: | 1.99 Gb Total Space | 1.97 Gb Free Space | 99.34% Space Free | Partition Type: FAT32
 
Computer Name: NBCHLFL001008 | User Name: OehmenL | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.26 10:48:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oehmenl\Downloads\OTL.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\oehmenl\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.13 12:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.02.13 12:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 12:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.27 17:06:00 | 000,345,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2012.11.27 17:06:00 | 000,333,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mcafee\common framework\UdaterUI.exe
PRC - [2012.11.27 17:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2012.11.27 17:06:00 | 000,075,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2012.08.14 21:08:00 | 000,033,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2012.06.12 23:51:06 | 001,421,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2012.03.28 19:38:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.28 19:38:24 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.28 19:38:16 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.27 11:14:26 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.03.22 03:13:48 | 000,372,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2012.03.22 03:13:44 | 012,310,616 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2012.03.22 00:36:32 | 001,327,104 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2012.03.21 03:55:10 | 000,536,848 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2012.03.15 19:47:54 | 001,045,328 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2012.03.09 20:22:46 | 000,070,960 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2012.03.07 06:10:04 | 001,134,584 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2012.03.01 04:06:42 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.03.01 04:06:36 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.02.03 06:42:00 | 000,498,352 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2012.01.27 01:53:10 | 001,127,800 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2012.01.27 01:51:32 | 000,330,616 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2012.01.27 01:49:18 | 000,212,344 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2012.01.27 01:18:26 | 000,984,440 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2011.09.14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010.04.13 16:47:14 | 001,636,872 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
PRC - [2009.07.15 13:28:42 | 000,371,712 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.10.11 08:04:18 | 000,221,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll
MOD - [2012.10.11 08:04:10 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1a7c90bf70e6fef2970dd02ca5def39a\System.Runtime.Remoting.ni.dll
MOD - [2012.10.11 08:03:56 | 000,194,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\30bf8a41a7888e9056506091adbe05f2\CustomMarshalers.ni.dll
MOD - [2012.10.11 08:03:52 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012.10.10 15:46:54 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012.10.10 15:46:37 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012.10.10 15:46:26 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012.10.10 15:46:22 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012.10.10 15:46:20 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012.10.10 15:46:17 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll
MOD - [2012.10.10 15:46:15 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012.10.10 15:46:08 | 014,415,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012.07.30 10:24:35 | 000,489,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ab16b2721684612a1c9053401797082\IAStorUtil.ni.dll
MOD - [2012.07.30 10:24:35 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0ac5296285b1a74de78ded1c844cfb60\IAStorCommon.ni.dll
MOD - [2012.07.30 10:17:49 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.07.30 10:17:45 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.07.30 10:17:29 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.07.30 10:17:24 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.07.30 10:17:14 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.07.30 10:17:10 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.07.30 10:17:08 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.07.30 10:17:07 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.07.30 10:17:03 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.17 21:14:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.01.31 23:19:18 | 000,366,464 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.04 17:10:40 | 000,646,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV:64bit: - [2012.12.18 13:14:30 | 000,170,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.12.12 08:36:49 | 000,201,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.10.09 10:24:28 | 000,212,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.07.12 06:19:42 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012.04.26 23:56:00 | 000,033,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012.03.22 00:36:32 | 001,327,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2012.03.20 16:45:18 | 002,694,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2012.03.15 19:47:56 | 000,493,904 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2012.03.14 23:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2012.03.07 11:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012.03.05 17:04:18 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2012.02.02 03:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.05.13 15:08:50 | 000,120,184 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\Windows\SysNative\DNTUS26.EXE -- (DNTUS26)
SRV:64bit: - [2011.02.17 07:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.17 08:29:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.27 17:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.12 23:51:06 | 001,421,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2012.04.30 23:34:10 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.28 19:38:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.28 19:38:24 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.28 19:38:16 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.03.22 03:13:48 | 000,372,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2012.03.21 03:55:10 | 000,536,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe -- (RoxioBurnLauncher)
SRV - [2012.03.20 16:28:20 | 002,325,584 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2012.03.09 20:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012.03.07 10:18:30 | 001,118,480 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2012.03.07 06:10:04 | 001,134,584 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2012.03.01 04:06:36 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.02.03 06:42:00 | 000,498,352 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2012.01.31 23:19:14 | 000,477,056 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2012.01.27 01:53:10 | 001,127,800 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2012.01.27 01:49:18 | 000,212,344 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2012.01.27 01:18:26 | 000,984,440 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2011.09.14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011.09.10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.05.13 15:09:24 | 000,700,792 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs)
SRV - [2010.04.13 16:47:14 | 001,636,872 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe -- (USBMIDIAudioDevMon)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 03:09:46 | 000,052,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FireNfcp.sys -- (FireNfcp)
DRV:64bit: - [2013.02.04 17:12:00 | 000,197,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.12.18 13:14:30 | 000,673,624 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,496,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.12.18 13:14:30 | 000,305,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,282,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,169,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,076,224 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012.12.12 08:36:50 | 000,101,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.24 04:39:14 | 000,100,728 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NEOFLTR_720_21697.SYS -- (NEOFLTR_720_21697)
DRV:64bit: - [2012.07.12 06:19:42 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012.07.12 06:19:41 | 004,747,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.04.26 23:56:00 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.04.26 23:56:00 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.03.31 00:53:42 | 001,863,680 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012.03.27 11:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 11:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 11:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.27 07:09:56 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.22 01:08:46 | 000,093,640 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2012.03.22 01:08:20 | 000,158,792 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2012.03.09 05:55:26 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.08 12:01:00 | 000,058,000 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012.03.05 17:04:18 | 000,536,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.28 01:28:10 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012.02.28 01:28:08 | 000,026,200 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2012.02.22 22:54:08 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.02.03 06:42:00 | 000,042,816 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2012.02.02 05:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.02 05:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.02 05:07:18 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2012.02.02 05:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.02 05:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.02 05:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.02 05:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.02.02 03:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.01.31 20:59:30 | 000,064,312 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011.12.06 16:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.09 22:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.07.25 18:44:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.25 18:44:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.07.18 17:11:44 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.01.26 04:18:54 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 15:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://service.hydac.info/dana/home/index.cgi
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{90D07C84-E952-48C1-996F-93E434F50F7A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.5.5
FF - prefs.js..extensions.enabledAddons: {b8d51471-15f1-46cd-a600-448a6b103c2d}:1.8.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20130402
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.6
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.3.4
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012.07.12 06:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.19 09:40:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.04.18 07:47:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 20:12:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.30 10:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 09:51:03 | 000,000,000 | ---D | M]
 
[2013.04.02 17:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Extensions
[2013.04.02 17:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.04.19 08:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Firefox\Profiles\5rtlgijc.default\extensions
[2013.04.05 10:48:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Firefox\Profiles\5rtlgijc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.19 08:17:42 | 000,050,424 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.12.20 10:18:30 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2013.04.18 10:10:42 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.20 10:18:30 | 000,210,799 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{b8d51471-15f1-46cd-a600-448a6b103c2d}.xpi
[2013.02.17 09:08:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.19 19:52:25 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.10.04 17:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.04 17:57:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Autumn = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\alibnodcalenogbpgdihbfccibcagloo\1.3_0\
CHR - Extension: Google Drive = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Google Mail = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121212073722.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121212073722.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.EXE (DameWare Development)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\oehmenl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\oehmenl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://service.hydac.info/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ch-bi.hydac.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46D3EE14-F630-4CD4-B588-98EFC8F7F5AF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49CD0D40-4E06-4319-9963-7BE791112813}: DhcpNameServer = 10.165.8.27 10.165.10.13 129.42.10.39
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 10:48:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\oehmenl\Desktop\OTL.exe
[2013.04.26 10:42:40 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\Malwarebytes
[2013.04.26 10:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.26 10:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.26 10:42:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.04.26 10:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.19 08:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.15 07:36:07 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\Desktop\GSHY1 2013-04-08
[2013.04.02 10:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIR Music Technology
[2013.04.01 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\dvdcss
[2013.03.31 02:50:32 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Local\AIR Music Technology
[2013.03.31 02:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AIR Music Technology
[2013.03.31 02:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\AIR Music Technology
[2013.03.30 10:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\M-Audio
[2013.03.30 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\IDT
[2013.03.30 00:12:21 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\FLEXnet
[2013.03.29 22:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2013.03.29 22:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 11:21:27 | 002,302,976 | ---- | M] () -- C:\Users\oehmenl\Documents\LO kontakte.pst
[2013.04.26 11:17:02 | 000,031,312 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 11:17:02 | 000,031,312 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 11:14:48 | 001,621,242 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.04.26 11:14:48 | 000,700,408 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.04.26 11:14:48 | 000,655,090 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.04.26 11:14:48 | 000,149,190 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.04.26 11:14:48 | 000,121,962 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.04.26 11:10:27 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 11:09:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.04.26 11:09:48 | 4170,940,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 10:48:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oehmenl\Desktop\OTL.exe
[2013.04.26 10:47:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 10:42:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.26 09:57:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.04.25 07:08:56 | 000,000,340 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForoehmenl.job
[2013.04.24 08:33:07 | 000,004,804 | ---- | M] () -- C:\Users\oehmenl\Desktop\List of pump substitutes.pdf
[2013.04.23 08:12:43 | 000,107,544 | ---- | M] () -- C:\Users\oehmenl\Desktop\Preisliste 2013-04-23 PTC_VT_BIERI.pdf
[2013.04.22 10:34:27 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Ignite.lnk
[2013.04.15 10:07:18 | 000,296,609 | ---- | M] () -- C:\Users\oehmenl\Documents\Backup GT-I9300 Bieri_LO 2013-04-15.mpb
[2013.04.10 18:18:54 | 721,243,679 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.04.10 17:32:01 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForNBCHLFL001008$.job
[2013.04.05 08:35:41 | 000,147,949 | ---- | M] () -- C:\Users\oehmenl\Desktop\Incoterms_2010_chart.pdf
[2013.04.05 07:41:34 | 004,757,242 | ---- | M] () -- C:\Users\oehmenl\Desktop\Construction Applications of Bieri products201302.pdf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.04.04 03:09:46 | 000,052,584 | ---- | M] (McAfee, Inc.) -- C:\windows\SysNative\drivers\FireNfcp.sys
[2013.03.30 10:43:29 | 000,001,013 | ---- | M] () -- C:\Users\oehmenl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.30 10:43:24 | 000,000,985 | ---- | M] () -- C:\Users\oehmenl\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.26 10:42:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.24 08:33:07 | 000,004,804 | ---- | C] () -- C:\Users\oehmenl\Desktop\List of pump substitutes.pdf
[2013.04.23 08:12:39 | 000,107,544 | ---- | C] () -- C:\Users\oehmenl\Desktop\Preisliste 2013-04-23 PTC_VT_BIERI.pdf
[2013.04.15 10:07:04 | 000,296,609 | ---- | C] () -- C:\Users\oehmenl\Documents\Backup GT-I9300 Bieri_LO 2013-04-15.mpb
[2013.04.05 08:35:41 | 000,147,949 | ---- | C] () -- C:\Users\oehmenl\Desktop\Incoterms_2010_chart.pdf
[2013.04.05 07:41:26 | 004,757,242 | ---- | C] () -- C:\Users\oehmenl\Desktop\Construction Applications of Bieri products201302.pdf
[2013.03.31 02:49:43 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Ignite.lnk
[2013.02.25 15:52:53 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\FsUsbExDevice.Dll
[2013.02.25 15:52:53 | 000,037,344 | ---- | C] () -- C:\windows\SysWow64\FsUsbExDisk.Sys
[2013.02.25 14:54:26 | 000,038,478 | ---- | C] () -- C:\Users\oehmenl\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2013.02.04 13:17:02 | 000,004,096 | -H-- | C] () -- C:\Users\oehmenl\AppData\Local\keyfile3.drm
[2012.11.14 09:39:05 | 000,014,416 | ---- | C] () -- C:\Users\oehmenl\Kontakte001.ecsv.bak
[2012.11.14 09:38:58 | 000,083,747 | ---- | C] () -- C:\Users\oehmenl\Visio KEY.pdf
[2012.11.14 09:38:58 | 000,000,769 | ---- | C] () -- C:\Users\oehmenl\Verknüpfung mit Start.exe.lnk
[2012.11.14 09:38:56 | 000,120,173 | ---- | C] () -- C:\Users\oehmenl\PricelistSTD201206-EUR - Singapore.pdf
[2012.11.14 09:38:55 | 004,163,282 | ---- | C] () -- C:\Users\oehmenl\manual foxit.pdf
[2012.11.14 09:38:55 | 003,533,205 | ---- | C] () -- C:\Users\oehmenl\Hydraulikskript.PDF
[2012.11.14 09:38:55 | 000,131,104 | ---- | C] () -- C:\Users\oehmenl\Kontakte001.spb
[2012.11.14 09:38:55 | 000,001,807 | ---- | C] () -- C:\Users\oehmenl\Google Chrome.lnk
[2012.11.14 09:38:54 | 000,779,264 | ---- | C] () -- C:\Users\oehmenl\backupKontakteSonderhoff.pst
[2012.11.14 09:38:54 | 000,022,641 | ---- | C] () -- C:\Users\oehmenl\bookmark.htm
[2012.11.14 09:38:54 | 000,000,949 | ---- | C] () -- C:\Users\oehmenl\Free YouTube Download.lnk
[2012.11.13 16:38:20 | 000,009,434 | RHS- | C] () -- C:\Users\oehmenl\ntuser.pol
[2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012.07.30 09:24:02 | 000,000,117 | ---- | C] () -- C:\windows\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}.ini
[2012.07.30 09:24:02 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}.ini
[2012.07.30 09:17:46 | 000,000,400 | ---- | C] () -- C:\windows\SysWow64\oeminfo.ini
[2012.07.30 09:16:44 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2012.07.30 09:07:54 | 000,007,820 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.07.12 06:26:46 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2012.07.12 06:26:46 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2012.05.17 22:21:59 | 001,599,136 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.04.18 04:50:16 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2012.03.27 07:19:12 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012.03.27 07:19:10 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012.03.27 07:03:48 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.03.27 05:53:44 | 013,024,768 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012.03.21 21:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2012.03.15 19:48:52 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2012.03.15 19:48:26 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2012.03.15 19:48:26 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2012.03.15 19:47:56 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2012.03.15 19:47:56 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2012.03.15 19:47:54 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2012.03.15 19:47:12 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2012.03.12 23:09:58 | 000,020,480 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll
[2012.03.12 23:09:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2012.03.12 23:09:56 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign
[2012.03.07 10:40:52 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012.02.10 02:43:04 | 000,014,192 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2012.01.31 23:19:18 | 000,366,464 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011.10.12 11:02:14 | 000,187,728 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2011.10.12 11:02:14 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign
[2011.09.07 19:35:30 | 000,065,536 | R--- | C] () -- C:\windows\SysWow64\scardsyn.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.25 10:11:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\APP_NAME_NON_STRING
[2012.11.13 16:38:32 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\DigitalPersona
[2012.11.14 16:26:52 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Downloaded Installations
[2013.04.26 11:10:51 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Dropbox
[2012.11.23 12:53:38 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\DVDVideoSoft
[2012.11.20 13:23:01 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.14 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\FileOpen
[2013.03.30 10:23:39 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\IDT
[2012.11.13 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Infineon
[2012.11.28 03:30:25 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Juniper Networks
[2012.12.30 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Leadertech
[2013.04.15 08:10:33 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\MyPhoneExplorer
[2012.11.14 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Nitro
[2012.11.15 11:34:53 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Nitro PDF
[2013.01.25 10:15:54 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\PDF Software
[2013.02.25 15:50:51 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Samsung
[2012.11.13 16:39:46 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Synaptics
[2012.11.13 16:38:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Xerox
 
========== Purity Check ==========
 
 

< End of report >
         
EXTRA-Log:

Code:
OTL Extras logfile created on: 26.04.2013 11:17:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\####\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.88 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 30.54% Memory free
7.77 Gb Paging File | 4.56 Gb Available in Paging File | 58.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96.07 Gb Total Space | 10.99 Gb Free Space | 11.44% Space Free | Partition Type: NTFS
Drive G: | 20.88 Gb Total Space | 3.22 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive T: | 1.99 Gb Total Space | 1.97 Gb Free Space | 99.34% Space Free | Partition Type: FAT32
 
Computer Name: NBCHLFL001008 | User Name: #### | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"6129:TCP:*:Dameware" = 6129:TCP:*:Dameware
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"6129:TCP:*:Dameware" = 6129:TCP:*:Dameware
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AD7BEC-5A83-4FB1-A54A-3073F418AC98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{061FED5D-43DE-4638-8545-62772A09A5F6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0B0E709A-C84F-450E-A5A3-73A607BE4437}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0C047BCF-7700-4DA5-AE9E-0443A0C16724}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{462FE72B-3761-4DFB-A139-8FEA485D1609}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4807EB7D-637B-45EF-8401-FF6C03F1387B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5ACF2EBD-442E-47CB-ADF7-45E6295479DC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5E9A7056-15A9-4C31-84CC-6F54E84E762B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{600C0E27-DC23-4717-B8E7-C749386542B1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{72488E5A-8AF0-4860-B2BF-246AB5173A44}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{837B5BD2-ABE7-4BE0-B39E-F68EB5A00ECD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9BB7E2B1-9262-4861-9F61-290E3BBC23BF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A7780CE9-EFF2-496A-8CE3-241C9CDF8639}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B87CDA91-7EF5-4790-AF35-323F81B8CE69}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{BCAACBA3-C7A2-4A20-8D11-F405D549E99D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEE75236-2AA8-48C0-864E-8E8906A2D2CB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D5A7B038-E24C-44F6-AF36-CCB08ECF2D9E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E70F2C4A-92FC-4B02-B804-200AA08A7F50}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ED1B65CB-08DC-4BC9-8A9F-93B022559F2B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FE63E965-1B70-40AD-A7E5-D302A5007B23}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FE1718-580A-4645-A617-A1A0FD7C737E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{0D1A7B3B-0200-42A5-A66C-0729B31789BE}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{36FD162B-F130-4266-BE5E-6BA225CA5D53}" = protocol=17 | dir=in | app=c:\users\####\appdata\roaming\dropbox\bin\dropbox.exe | 
"{38AADDB6-CA3E-411A-A938-54EB2F817E6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3C01A629-8409-406B-A383-5752D8C9FCCC}" = protocol=6 | dir=in | app=c:\users\####\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4782CF57-4248-4B84-A208-5275F13FFF50}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{586C7826-4527-4B2D-A2E2-0AF6F1FEA1CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{59C1A2D8-4E42-4428-9235-498ED9BF66A0}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{5CBBB1B8-D4D8-4BBB-A647-426A51EC2EAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5FDA62A1-63A2-4D95-8DCF-6F241C83F7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{6FE3419A-337E-4132-97B7-FA3C2DDF134F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{723F13FE-BE29-491B-A361-5037EDDD9B3E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{778A809A-6EC6-4A04-96BD-9E7ACFFC2D07}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{9DFAC689-C83B-4A9C-B81A-3ACA7ECF1BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{C76593AF-29ED-4266-BAAF-0D04FEF58A7C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{CC62A101-BD00-4E42-B80B-697C7ABF29EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D21B8DED-E1B3-4836-A478-C9997F640396}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E07BE63E-B408-40DD-8427-2E4F3475C9E9}" = dir=in | app=c:\windows\dwrcs\dwrcs.exe | 
"{F7DB85F7-D800-4CAA-BDD6-2E5D96E90508}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"TCP Query User{118DF42F-FF61-45E6-91B2-06D242D20624}C:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe | 
"TCP Query User{8E49B145-49C0-4475-9BB4-C8726A2CF003}C:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe" = protocol=6 | dir=in | app=c:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe | 
"TCP Query User{98C1B141-1A2B-48A9-A873-9A7A3E4F9535}C:\oracle\product\ora10g\jdk\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\oracle\product\ora10g\jdk\jre\bin\java.exe | 
"UDP Query User{66CD0649-29FA-408D-9D43-74EE14AB89B4}C:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe | 
"UDP Query User{C2B29DA2-DBCB-4038-A1C5-7ECCD6F8F9A4}C:\oracle\product\ora10g\jdk\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\oracle\product\ora10g\jdk\jre\bin\java.exe | 
"UDP Query User{DA0E43B1-3876-412F-BAD4-D8344250A36F}C:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe" = protocol=17 | dir=in | app=c:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}" = Drive Encryption For HP ProtectTools
"{32ED2629-C9B1-4C29-A32A-F3E04A5EE303}" = M-Audio USB MIDI Series Driver 5.0.1 (x64)
"{43BE25B8-E69F-42CF-9414-7DDCF891629B}" = Embedded Security for HP ProtectTools
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84642787-58C0-44AE-8B26-E2F544E380A1}" = HP Power Assistant
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}" = Validity Fingerprint Sensor Driver
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Broadcom Bluetooth Software
"{A535F266-291E-447F-ABE6-0BE17D0CB036}" = HP ProtectTools Security Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C0C9A493-51CB-4F3F-A296-5B5E410C338E}" = HP 3D DriveGuard
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}" = Privacy Manager for HP ProtectTools
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}" = WinZip 15.0
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}" = McAfee Host Intrusion Prevention
"{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}_Uninst" = McAfee Host Intrusion Prevention
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{ED65B2D2-6A3B-4A2C-9A41-8E4D4ACEC34E}" = Ignite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"Face Recognition for HP ProtectTools" = Face Recognition for HP ProtectTools
"HPProtectTools" = HP ProtectTools Security Manager
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"PROSet" = Intel(R) Network Connections Drivers
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio Data Module
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}" = Theft Recovery for HP ProtectTools
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP HD Webcam Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4AEFF024-F0D0-4AD6-8231-FF51949E91E0}" = McAfee Agent
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{527DF063-3E28-4E2D-934C-0D3D726D2063}" = SetupCrystalXIWin32Runtime
"{6357258D-2BF9-49E7-A9EF-0C609D52C46D}" = HP ESU for Microsoft Windows 7
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6A53C42D-DCCD-46B7-9143-51071726A6F6}_is1" = Outlook4Gmail 3.1
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8278C6EF-C1C0-4DF9-B7D9-08888280FB61}" = ORTEMS Production Scheduler: Fat deployment 7.3.0
"{8B2A1CFD-8F88-4081-9E18-99395CC27EE6}" = HP Documentation
"{8B62B70F-B0EE-4626-BA23-7A169B8CC724}" = GhostScript
"{8FE60B86-0B99-426D-8DBE-BEC526FDED71}" = Roxio Secure Burn
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A423A4FF-D143-4563-B910-3FC94CB6E85B}" = FilZip
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB4CC828-05EE-4A9B-9097-E0308C27ECCB}" = HP Connection Manager
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio Audio Module
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio Copy Module
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}" = HP System Default Settings
"{CB7253BF-3096-462F-924B-3B800C905D98}" = SolidWorks viewer
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F24F876B-7D71-4BD6-88E9-614D3BB84228}" = Alcor Micro Smart Card Reader Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DivX Setup" = DivX Setup
"Foxit Reader_is1" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}" = Theft Recovery for HP ProtectTools
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"PDF Complete" = PDF Complete Corporate Edition
"Sage ProConcept ERP Client_is1" = Sage PCE2003 Client v3.9.5
"SZCCID" = Alcor Micro Smart Card Reader Driver
"VLC media player" = VLC media player 2.0.6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2013 14:53:19 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2013 02:37:51 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2013 02:58:46 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 02.04.2013 04:38:07 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307
Description = 
 
Error - 02.04.2013 04:38:08 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307
Description = 
 
Error - 02.04.2013 04:38:11 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307
Description = 
 
Error - 02.04.2013 04:38:13 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307
Description = 
 
Error - 02.04.2013 09:06:17 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PC_ExeComObjLauncher.exe, Version:
 3.9.5.226, Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: rtl100.bpl, Version:
 10.0.2288.42451, Zeitstempel: 0x443760d4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000065c2
ID
 des fehlerhaften Prozesses: 0xad4  Startzeit der fehlerhaften Anwendung: 0x01ce2f7f1a479f0b
Pfad
 der fehlerhaften Anwendung: \\Bh-srv08\pcs$\exe\PC_ExeComObjLauncher.exe  Pfad des
 fehlerhaften Moduls: \\Bh-srv08\pcs$\exe\rtl100.bpl  Berichtskennung: 1a2357be-9b96-11e2-9548-a0b3ccc9b207
 
Error - 03.04.2013 01:10:35 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.04.2013 01:13:51 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10
Description = 
 
[ Hewlett-Packard Events ]
Error - 27.08.2012 01:29:33 | Computer Name = bhbe-mob007.ad.bierihydraulik.com | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 3977  Ram
 Utilization: 30  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 29.08.2012 01:44:41 | Computer Name = NBCHLFL001007.ch-bi.hydac.int | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 3977  Ram
 Utilization: 30  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 13.11.2012 13:19:48 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Connection Manager Events ]
Error - 23.04.2013 01:16:15 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.23 07:16:15.219|000010A4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 23.04.2013 01:16:17 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.23 07:16:17.124|000010A4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 24.04.2013 01:12:40 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.24 07:12:40.319|000007A8|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 24.04.2013 01:12:42 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.24 07:12:42.202|000007A8|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 25.04.2013 01:11:59 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.25 07:11:59.565|00001C88|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 25.04.2013 01:12:01 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.25 07:12:01.500|00001C88|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 26.04.2013 01:17:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.26 07:17:23.286|00001F28|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 26.04.2013 01:17:25 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.26 07:17:25.173|00001F28|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 26.04.2013 05:12:44 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.26 11:12:44.555|00001D28|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 26.04.2013 05:12:46 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.26 11:12:46.456|00001D28|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
[ HP Software Framework Events ]
Error - 25.04.2013 01:11:01 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.25 07:11:01.748|00001F6C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 25.04.2013 01:11:52 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.25 07:11:52.168|00001ECC|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 25.04.2013 01:11:58 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.25 07:11:58.067|00001AEC|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 25.04.2013 10:04:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.25 16:04:23.913|00001F40|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 25.04.2013 10:04:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.25 16:04:23.929|00001F40|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged.2.0 event. Exception: Der Objektverweis
 wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 26.04.2013 01:16:36 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.26 07:16:36.012|00001DB4|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 26.04.2013 01:17:16 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.26 07:17:16.535|000019A0|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 26.04.2013 01:17:21 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.26 07:17:21.789|00000FA0|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 26.04.2013 05:11:59 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.26 11:11:59.946|000011A8|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 26.04.2013 05:12:38 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.26 11:12:38.073|00000B34|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
[ System Events ]
Error - 07.10.2012 15:01:57 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 07.10.2012 15:03:06 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 07.10.2012 15:05:56 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Roxio Burn Launcher" wurde nicht richtig gestartet.
 
Error - 08.10.2012 01:45:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HYDACCH-BI aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 08.10.2012 01:45:24 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpHotkeyMonitor" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 08.10.2012 12:47:26 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HYDACCH-BI aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 08.10.2012 12:47:27 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpHotkeyMonitor" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 08.10.2012 12:48:09 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 08.10.2012 12:48:50 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 08.10.2012 12:51:55 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Roxio Burn Launcher" wurde nicht richtig gestartet.
 
 
< End of report >
         

Edited by palomino165 (26.04.2013 at 10:38). Reason: Extra log attachment

 
