Pests of all kinds and how to fight them: Laptop crash - blue screen -> malware? (Windows 7)
If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
26.04.2013, 10:33 | #1
Laptop crash - blue screen -> malware?
Hello everyone, after I already had one problem solved in another thread, I now have to ask you for help again. My work computer crashes every 2 days with a blue screen. The cause, I suspect, is viruses or something similar. I found Snap.do on my machine, and although I have tried to uninstall it, it keeps coming back. Maybe I overlooked something in the process. Would you be so kind as to help me check my computer with the right software? Many thanks. Here is my OTL log:
Code:
OTL logfile created on: 26.04.2013 11:17:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\oehmenl\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.88 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 30.54% Memory free
7.77 Gb Paging File | 4.56 Gb Available in Paging File | 58.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96.07 Gb Total Space | 10.99 Gb Free Space | 11.44% Space Free | Partition Type: NTFS
Drive G: | 20.88 Gb Total Space | 3.22 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive T: | 1.99 Gb Total Space | 1.97 Gb Free Space | 99.34% Space Free | Partition Type: FAT32

Computer Name: NBCHLFL001008 | User Name: OehmenL | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.26 10:48:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oehmenl\Downloads\OTL.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\oehmenl\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.13 12:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.02.13 12:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 12:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.27 17:06:00 | 000,345,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2012.11.27 17:06:00 | 000,333,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mcafee\common framework\UdaterUI.exe
PRC - [2012.11.27 17:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2012.11.27 17:06:00 | 000,075,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2012.08.14 21:08:00 | 000,033,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2012.06.12 23:51:06 | 001,421,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2012.03.28 19:38:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.28 19:38:24 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.28 19:38:16 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.27 11:14:26 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.03.22 03:13:48 | 000,372,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2012.03.22 03:13:44 | 012,310,616 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2012.03.22 00:36:32 | 001,327,104 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2012.03.21 03:55:10 | 000,536,848 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2012.03.15 19:47:54 | 001,045,328 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2012.03.09 20:22:46 | 000,070,960 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2012.03.07 06:10:04 | 001,134,584 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2012.03.01 04:06:42 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.03.01 04:06:36 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.02.03 06:42:00 | 000,498,352 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2012.01.27 01:53:10 | 001,127,800 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2012.01.27 01:51:32 | 000,330,616 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2012.01.27 01:49:18 | 000,212,344 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2012.01.27 01:18:26 | 000,984,440 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2011.09.14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010.04.13 16:47:14 | 001,636,872 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
PRC - [2009.07.15 13:28:42 | 000,371,712 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.10.11 08:04:18 | 000,221,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll
MOD - [2012.10.11 08:04:10 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1a7c90bf70e6fef2970dd02ca5def39a\System.Runtime.Remoting.ni.dll
MOD - [2012.10.11 08:03:56 | 000,194,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\30bf8a41a7888e9056506091adbe05f2\CustomMarshalers.ni.dll
MOD - [2012.10.11 08:03:52 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012.10.10 15:46:54 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012.10.10 15:46:37 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012.10.10 15:46:26 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012.10.10 15:46:22 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012.10.10 15:46:20 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012.10.10 15:46:17 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll
MOD - [2012.10.10 15:46:15 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012.10.10 15:46:08 | 014,415,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012.07.30 10:24:35 | 000,489,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ab16b2721684612a1c9053401797082\IAStorUtil.ni.dll
MOD - [2012.07.30 10:24:35 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0ac5296285b1a74de78ded1c844cfb60\IAStorCommon.ni.dll
MOD - [2012.07.30 10:17:49 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.07.30 10:17:45 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.07.30 10:17:29 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.07.30 10:17:24 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.07.30 10:17:14 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.07.30 10:17:10 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.07.30 10:17:08 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.07.30 10:17:07 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.07.30 10:17:03 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.17 21:14:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.01.31 23:19:18 | 000,366,464 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013.02.04 17:10:40 | 000,646,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV:64bit: - [2012.12.18 13:14:30 | 000,170,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.12.12 08:36:49 | 000,201,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.10.09 10:24:28 | 000,212,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.07.12 06:19:42 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012.04.26 23:56:00 | 000,033,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012.03.22 00:36:32 | 001,327,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2012.03.20 16:45:18 | 002,694,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2012.03.15 19:47:56 | 000,493,904 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2012.03.14 23:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2012.03.07 11:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012.03.05 17:04:18 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2012.02.02 03:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.05.13 15:08:50 | 000,120,184 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\Windows\SysNative\DNTUS26.EXE -- (DNTUS26)
SRV:64bit: - [2011.02.17 07:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.17 08:29:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.27 17:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.12 23:51:06 | 001,421,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2012.04.30 23:34:10 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.28 19:38:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.28 19:38:24 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.28 19:38:16 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.03.22 03:13:48 | 000,372,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2012.03.21 03:55:10 | 000,536,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe -- (RoxioBurnLauncher)
SRV - [2012.03.20 16:28:20 | 002,325,584 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2012.03.09 20:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012.03.07 10:18:30 | 001,118,480 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2012.03.07 06:10:04 | 001,134,584 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2012.03.01 04:06:36 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.02.03 06:42:00 | 000,498,352 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2012.01.31 23:19:14 | 000,477,056 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2012.01.27 01:53:10 | 001,127,800 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2012.01.27 01:49:18 | 000,212,344 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2012.01.27 01:18:26 | 000,984,440 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2011.09.14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011.09.10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.05.13 15:09:24 | 000,700,792 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs)
SRV - [2010.04.13 16:47:14 | 001,636,872 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe -- (USBMIDIAudioDevMon)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.04 03:09:46 | 000,052,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FireNfcp.sys -- (FireNfcp)
DRV:64bit: - [2013.02.04 17:12:00 | 000,197,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.12.18 13:14:30 | 000,673,624 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,496,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.12.18 13:14:30 | 000,305,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,282,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,169,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,076,224 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012.12.12 08:36:50 | 000,101,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.24 04:39:14 | 000,100,728 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NEOFLTR_720_21697.SYS -- (NEOFLTR_720_21697)
DRV:64bit: - [2012.07.12 06:19:42 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012.07.12 06:19:41 | 004,747,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.04.26 23:56:00 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.04.26 23:56:00 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.03.31 00:53:42 | 001,863,680 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012.03.27 11:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 11:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 11:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.27 07:09:56 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.22 01:08:46 | 000,093,640 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2012.03.22 01:08:20 | 000,158,792 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2012.03.09 05:55:26 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.08 12:01:00 | 000,058,000 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012.03.05 17:04:18 | 000,536,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.28 01:28:10 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012.02.28 01:28:08 | 000,026,200 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2012.02.22 22:54:08 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.02.03 06:42:00 | 000,042,816 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2012.02.02 05:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.02 05:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.02 05:07:18 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2012.02.02 05:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.02 05:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.02 05:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.02 05:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.02.02 03:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.01.31 20:59:30 | 000,064,312 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011.12.06 16:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.09 22:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.07.25 18:44:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.25 18:44:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.07.18 17:11:44 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.01.26 04:18:54 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 15:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://service.hydac.info/dana/home/index.cgi
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{90D07C84-E952-48C1-996F-93E434F50F7A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.5.5
FF - prefs.js..extensions.enabledAddons: {b8d51471-15f1-46cd-a600-448a6b103c2d}:1.8.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20130402
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.6
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.3.4
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012.07.12 06:16:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.19 09:40:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.04.18 07:47:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 20:12:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.30 10:16:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 09:51:03 | 000,000,000 | ---D | M] [2013.04.02 17:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Extensions [2013.04.02 17:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2013.04.19 08:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Firefox\Profiles\5rtlgijc.default\extensions [2013.04.05 10:48:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Firefox\Profiles\5rtlgijc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.04.19 08:17:42 | 000,050,424 | ---- | M] () (No name 
found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\groovesharkUnlocker@overlord1337.xpi [2012.12.20 10:18:30 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2013.04.18 10:10:42 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.12.20 10:18:30 | 000,210,799 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{b8d51471-15f1-46cd-a600-448a6b103c2d}.xpi [2013.02.17 09:08:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.19 19:52:25 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012.10.04 17:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.04 17:57:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=hp CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - 
plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll CHR - Extension: Autumn = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\alibnodcalenogbpgdihbfccibcagloo\1.3_0\ CHR - Extension: Google Drive = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\oehmenl\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\ CHR - Extension: Google Mail = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121212073722.dll (McAfee, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121212073722.dll (McAfee, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe (Broadcom Corporation) O4:64bit: - HKLM..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.EXE (DameWare Development) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.) O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [IFXSPMGT] c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - Startup: C:\Users\oehmenl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\oehmenl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - 
C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://service.hydac.info/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ch-bi.hydac.int O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46D3EE14-F630-4CD4-B588-98EFC8F7F5AF}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49CD0D40-4E06-4319-9963-7BE791112813}: DhcpNameServer = 10.165.8.27 10.165.10.13 129.42.10.39 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - 
Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.26 10:48:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\oehmenl\Desktop\OTL.exe [2013.04.26 10:42:40 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\Malwarebytes [2013.04.26 10:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.26 10:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.26 10:42:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.04.26 10:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.19 08:20:07 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.04.15 07:36:07 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\Desktop\GSHY1 2013-04-08 [2013.04.02 10:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIR Music Technology [2013.04.01 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\dvdcss [2013.03.31 02:50:32 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Local\AIR Music Technology [2013.03.31 02:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AIR Music Technology [2013.03.31 02:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\AIR Music Technology [2013.03.30 10:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\M-Audio [2013.03.30 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\IDT [2013.03.30 00:12:21 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\FLEXnet [2013.03.29 22:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio [2013.03.29 22:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio ========== Files - Modified Within 30 Days ========== [2013.04.26 11:21:27 | 002,302,976 | ---- | M] () -- C:\Users\oehmenl\Documents\LO kontakte.pst [2013.04.26 11:17:02 | 000,031,312 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 11:17:02 | 000,031,312 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 11:14:48 | 001,621,242 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.04.26 11:14:48 | 000,700,408 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.04.26 11:14:48 | 000,655,090 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.04.26 11:14:48 | 000,149,190 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.04.26 11:14:48 | 000,121,962 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.04.26 
11:10:27 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.26 11:09:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.04.26 11:09:48 | 4170,940,416 | -HS- | M] () -- C:\hiberfil.sys [2013.04.26 10:48:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oehmenl\Desktop\OTL.exe [2013.04.26 10:47:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.26 10:42:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.26 09:57:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.04.25 07:08:56 | 000,000,340 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForoehmenl.job [2013.04.24 08:33:07 | 000,004,804 | ---- | M] () -- C:\Users\oehmenl\Desktop\List of pump substitutes.pdf [2013.04.23 08:12:43 | 000,107,544 | ---- | M] () -- C:\Users\oehmenl\Desktop\Preisliste 2013-04-23 PTC_VT_BIERI.pdf [2013.04.22 10:34:27 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Ignite.lnk [2013.04.15 10:07:18 | 000,296,609 | ---- | M] () -- C:\Users\oehmenl\Documents\Backup GT-I9300 Bieri_LO 2013-04-15.mpb [2013.04.10 18:18:54 | 721,243,679 | ---- | M] () -- C:\windows\MEMORY.DMP [2013.04.10 17:32:01 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForNBCHLFL001008$.job [2013.04.05 08:35:41 | 000,147,949 | ---- | M] () -- C:\Users\oehmenl\Desktop\Incoterms_2010_chart.pdf [2013.04.05 07:41:34 | 004,757,242 | ---- | M] () -- C:\Users\oehmenl\Desktop\Construction Applications of Bieri products201302.pdf [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.04.04 03:09:46 | 000,052,584 | ---- | M] (McAfee, Inc.) 
-- C:\windows\SysNative\drivers\FireNfcp.sys [2013.03.30 10:43:29 | 000,001,013 | ---- | M] () -- C:\Users\oehmenl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.30 10:43:24 | 000,000,985 | ---- | M] () -- C:\Users\oehmenl\Desktop\Dropbox.lnk ========== Files Created - No Company Name ========== [2013.04.26 10:42:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.24 08:33:07 | 000,004,804 | ---- | C] () -- C:\Users\oehmenl\Desktop\List of pump substitutes.pdf [2013.04.23 08:12:39 | 000,107,544 | ---- | C] () -- C:\Users\oehmenl\Desktop\Preisliste 2013-04-23 PTC_VT_BIERI.pdf [2013.04.15 10:07:04 | 000,296,609 | ---- | C] () -- C:\Users\oehmenl\Documents\Backup GT-I9300 Bieri_LO 2013-04-15.mpb [2013.04.05 08:35:41 | 000,147,949 | ---- | C] () -- C:\Users\oehmenl\Desktop\Incoterms_2010_chart.pdf [2013.04.05 07:41:26 | 004,757,242 | ---- | C] () -- C:\Users\oehmenl\Desktop\Construction Applications of Bieri products201302.pdf [2013.03.31 02:49:43 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Ignite.lnk [2013.02.25 15:52:53 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\FsUsbExDevice.Dll [2013.02.25 15:52:53 | 000,037,344 | ---- | C] () -- C:\windows\SysWow64\FsUsbExDisk.Sys [2013.02.25 14:54:26 | 000,038,478 | ---- | C] () -- C:\Users\oehmenl\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2013.02.04 13:17:02 | 000,004,096 | -H-- | C] () -- C:\Users\oehmenl\AppData\Local\keyfile3.drm [2012.11.14 09:39:05 | 000,014,416 | ---- | C] () -- C:\Users\oehmenl\Kontakte001.ecsv.bak [2012.11.14 09:38:58 | 000,083,747 | ---- | C] () -- C:\Users\oehmenl\Visio KEY.pdf [2012.11.14 09:38:58 | 000,000,769 | ---- | C] () -- C:\Users\oehmenl\Verknüpfung mit Start.exe.lnk [2012.11.14 09:38:56 | 000,120,173 | ---- | C] () -- C:\Users\oehmenl\PricelistSTD201206-EUR - Singapore.pdf [2012.11.14 09:38:55 | 004,163,282 | ---- | C] () -- C:\Users\oehmenl\manual foxit.pdf [2012.11.14 09:38:55 
| 003,533,205 | ---- | C] () -- C:\Users\oehmenl\Hydraulikskript.PDF [2012.11.14 09:38:55 | 000,131,104 | ---- | C] () -- C:\Users\oehmenl\Kontakte001.spb [2012.11.14 09:38:55 | 000,001,807 | ---- | C] () -- C:\Users\oehmenl\Google Chrome.lnk [2012.11.14 09:38:54 | 000,779,264 | ---- | C] () -- C:\Users\oehmenl\backupKontakteSonderhoff.pst [2012.11.14 09:38:54 | 000,022,641 | ---- | C] () -- C:\Users\oehmenl\bookmark.htm [2012.11.14 09:38:54 | 000,000,949 | ---- | C] () -- C:\Users\oehmenl\Free YouTube Download.lnk [2012.11.13 16:38:20 | 000,009,434 | RHS- | C] () -- C:\Users\oehmenl\ntuser.pol [2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2012.07.30 09:24:02 | 000,000,117 | ---- | C] () -- C:\windows\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}.ini [2012.07.30 09:24:02 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}.ini [2012.07.30 09:17:46 | 000,000,400 | ---- | C] () -- C:\windows\SysWow64\oeminfo.ini [2012.07.30 09:16:44 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI [2012.07.30 09:07:54 | 000,007,820 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.07.12 06:26:46 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe [2012.07.12 06:26:46 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2012.05.17 22:21:59 | 001,599,136 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.04.18 04:50:16 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat [2012.03.27 07:19:12 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin [2012.03.27 07:19:10 | 000,561,508 | ---- | C] () -- 
C:\windows\SysWow64\igfcg700m.bin [2012.03.27 07:03:48 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.03.27 05:53:44 | 013,024,768 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll [2012.03.21 21:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign [2012.03.15 19:48:52 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign [2012.03.15 19:48:26 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign [2012.03.15 19:48:26 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign [2012.03.15 19:47:56 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign [2012.03.15 19:47:56 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign [2012.03.15 19:47:54 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign [2012.03.15 19:47:12 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign [2012.03.12 23:09:58 | 000,020,480 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll [2012.03.12 23:09:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign [2012.03.12 23:09:56 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign [2012.03.07 10:40:52 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll [2012.02.10 02:43:04 | 000,014,192 | ---- | C] () -- C:\windows\HPun2430Version.dll [2012.01.31 23:19:18 | 000,366,464 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll [2011.10.12 11:02:14 | 000,187,728 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll [2011.10.12 11:02:14 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign [2011.09.07 19:35:30 | 000,065,536 | R--- | C] () -- C:\windows\SysWow64\scardsyn.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.25 10:11:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\APP_NAME_NON_STRING [2012.11.13 16:38:32 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\DigitalPersona 
[2012.11.14 16:26:52 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Downloaded Installations [2013.04.26 11:10:51 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Dropbox [2012.11.23 12:53:38 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\DVDVideoSoft [2012.11.20 13:23:01 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.14 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\FileOpen [2013.03.30 10:23:39 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\IDT [2012.11.13 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Infineon [2012.11.28 03:30:25 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Juniper Networks [2012.12.30 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Leadertech [2013.04.15 08:10:33 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\MyPhoneExplorer [2012.11.14 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Nitro [2012.11.15 11:34:53 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Nitro PDF [2013.01.25 10:15:54 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\PDF Software [2013.02.25 15:50:51 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Samsung [2012.11.13 16:39:46 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Synaptics [2012.11.13 16:38:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Xerox ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.04.2013 11:17:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\####\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.88 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 30.54% Memory free 7.77 Gb Paging File | 4.56 Gb Available in Paging File | 58.66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 96.07 Gb Total Space | 10.99 Gb Free Space | 11.44% Space Free | Partition Type: NTFS Drive G: | 20.88 Gb Total Space | 3.22 Gb Free Space | 15.41% Space Free | Partition Type: NTFS Drive T: | 1.99 Gb Total Space | 1.97 Gb Free Space | 99.34% Space Free | Partition Type: FAT32 Computer Name: NBCHLFL001008 | User Name: #### | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts] "Enabled" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List] "6129:TCP:*:Dameware" = 6129:TCP:*:Dameware 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings] "AllowOutboundDestinationUnreachable" = 0 "AllowOutboundSourceQuench" = 0 "AllowRedirect" = 0 "AllowInboundEchoRequest" = 1 "AllowInboundRouterRequest" = 0 
"AllowOutboundTimeExceeded" = 0 "AllowOutboundParameterProblem" = 0 "AllowInboundTimestampRequest" = 0 "AllowInboundMaskRequest" = 0 "AllowOutboundPacketTooBig" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint] "Enabled" = 1 "RemoteAddresses" = localsubnet [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts] "Enabled" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List] "6129:TCP:*:Dameware" = 6129:TCP:*:Dameware [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings] "AllowOutboundDestinationUnreachable" = 0 "AllowOutboundSourceQuench" = 0 "AllowRedirect" = 0 "AllowInboundEchoRequest" = 1 "AllowInboundRouterRequest" = 0 "AllowOutboundTimeExceeded" = 0 "AllowOutboundParameterProblem" = 0 "AllowInboundTimestampRequest" = 0 "AllowInboundMaskRequest" = 0 "AllowOutboundPacketTooBig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint] "Enabled" = 1 "RemoteAddresses" = localsubnet [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== 
Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04AD7BEC-5A83-4FB1-A54A-3073F418AC98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{061FED5D-43DE-4638-8545-62772A09A5F6}" = rport=139 | protocol=6 | dir=out | app=system | "{0B0E709A-C84F-450E-A5A3-73A607BE4437}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{0C047BCF-7700-4DA5-AE9E-0443A0C16724}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{462FE72B-3761-4DFB-A139-8FEA485D1609}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4807EB7D-637B-45EF-8401-FF6C03F1387B}" = rport=138 | protocol=17 | dir=out | app=system | "{5ACF2EBD-442E-47CB-ADF7-45E6295479DC}" = rport=445 | protocol=6 | dir=out | app=system | "{5E9A7056-15A9-4C31-84CC-6F54E84E762B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{600C0E27-DC23-4717-B8E7-C749386542B1}" = lport=138 | protocol=17 | dir=in | app=system | "{72488E5A-8AF0-4860-B2BF-246AB5173A44}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{837B5BD2-ABE7-4BE0-B39E-F68EB5A00ECD}" = rport=137 | protocol=17 | dir=out | app=system | "{9BB7E2B1-9262-4861-9F61-290E3BBC23BF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A7780CE9-EFF2-496A-8CE3-241C9CDF8639}" = lport=139 | protocol=6 | dir=in | app=system | "{B87CDA91-7EF5-4790-AF35-323F81B8CE69}" = rport=2869 | protocol=6 | dir=out | app=system | "{BCAACBA3-C7A2-4A20-8D11-F405D549E99D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CEE75236-2AA8-48C0-864E-8E8906A2D2CB}" = lport=2869 | protocol=6 | dir=in | app=system | "{D5A7B038-E24C-44F6-AF36-CCB08ECF2D9E}" = 
lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E70F2C4A-92FC-4B02-B804-200AA08A7F50}" = lport=445 | protocol=6 | dir=in | app=system | "{ED1B65CB-08DC-4BC9-8A9F-93B022559F2B}" = lport=137 | protocol=17 | dir=in | app=system | "{FE63E965-1B70-40AD-A7E5-D302A5007B23}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08FE1718-580A-4645-A617-A1A0FD7C737E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{0D1A7B3B-0200-42A5-A66C-0729B31789BE}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{36FD162B-F130-4266-BE5E-6BA225CA5D53}" = protocol=17 | dir=in | app=c:\users\####\appdata\roaming\dropbox\bin\dropbox.exe | "{38AADDB6-CA3E-411A-A938-54EB2F817E6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3C01A629-8409-406B-A383-5752D8C9FCCC}" = protocol=6 | dir=in | app=c:\users\####\appdata\roaming\dropbox\bin\dropbox.exe | "{4782CF57-4248-4B84-A208-5275F13FFF50}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{586C7826-4527-4B2D-A2E2-0AF6F1FEA1CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{59C1A2D8-4E42-4428-9235-498ED9BF66A0}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{5CBBB1B8-D4D8-4BBB-A647-426A51EC2EAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5FDA62A1-63A2-4D95-8DCF-6F241C83F7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{6FE3419A-337E-4132-97B7-FA3C2DDF134F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{723F13FE-BE29-491B-A361-5037EDDD9B3E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{778A809A-6EC6-4A04-96BD-9E7ACFFC2D07}" = 
protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{9DFAC689-C83B-4A9C-B81A-3ACA7ECF1BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{C76593AF-29ED-4266-BAAF-0D04FEF58A7C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{CC62A101-BD00-4E42-B80B-697C7ABF29EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D21B8DED-E1B3-4836-A478-C9997F640396}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E07BE63E-B408-40DD-8427-2E4F3475C9E9}" = dir=in | app=c:\windows\dwrcs\dwrcs.exe | "{F7DB85F7-D800-4CAA-BDD6-2E5D96E90508}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "TCP Query User{118DF42F-FF61-45E6-91B2-06D242D20624}C:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe | "TCP Query User{8E49B145-49C0-4475-9BB4-C8726A2CF003}C:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe" = protocol=6 | dir=in | app=c:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe | "TCP Query User{98C1B141-1A2B-48A9-A873-9A7A3E4F9535}C:\oracle\product\ora10g\jdk\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\oracle\product\ora10g\jdk\jre\bin\java.exe | "UDP Query User{66CD0649-29FA-408D-9D43-74EE14AB89B4}C:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe | "UDP Query User{C2B29DA2-DBCB-4038-A1C5-7ECCD6F8F9A4}C:\oracle\product\ora10g\jdk\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\oracle\product\ora10g\jdk\jre\bin\java.exe | "UDP Query 
User{DA0E43B1-3876-412F-BAD4-D8344250A36F}C:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe" = protocol=17 | dir=in | app=c:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}" = Drive Encryption For HP ProtectTools "{32ED2629-C9B1-4C29-A32A-F3E04A5EE303}" = M-Audio USB MIDI Series Driver 5.0.1 (x64) "{43BE25B8-E69F-42CF-9414-7DDCF891629B}" = Embedded Security for HP ProtectTools "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{84642787-58C0-44AE-8B26-E2F544E380A1}" = HP Power Assistant "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}" = Validity Fingerprint Sensor Driver "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Broadcom Bluetooth Software "{A535F266-291E-447F-ABE6-0BE17D0CB036}" = HP ProtectTools Security Manager "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C0C9A493-51CB-4F3F-A296-5B5E410C338E}" = HP 3D DriveGuard "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) 
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}" = Privacy Manager for HP ProtectTools "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}" = WinZip 15.0 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}" = McAfee Host Intrusion Prevention "{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}_Uninst" = McAfee Host Intrusion Prevention "{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools "{ED65B2D2-6A3B-4A2C-9A41-8E4D4ACEC34E}" = Ignite "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "Broadcom Wireless Utility" = Broadcom Wireless Utility "Face Recognition for HP ProtectTools" = Face Recognition for HP ProtectTools "HPProtectTools" = HP ProtectTools Security Manager "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. 
Setup Client 64-bit Activex Control "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "PROSet" = Intel(R) Network Connections Drivers "Recuva" = Recuva "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio Data Module "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}" = Theft Recovery for HP ProtectTools "{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP HD Webcam Driver "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4AEFF024-F0D0-4AD6-8231-FF51949E91E0}" = McAfee Agent 
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{527DF063-3E28-4E2D-934C-0D3D726D2063}" = SetupCrystalXIWin32Runtime "{6357258D-2BF9-49E7-A9EF-0C609D52C46D}" = HP ESU for Microsoft Windows 7 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6A53C42D-DCCD-46B7-9143-51071726A6F6}_is1" = Outlook4Gmail 3.1 "{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help "{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{8278C6EF-C1C0-4DF9-B7D9-08888280FB61}" = ORTEMS Production Scheduler: Fat deployment 7.3.0 "{8B2A1CFD-8F88-4081-9E18-99395CC27EE6}" = HP Documentation "{8B62B70F-B0EE-4626-BA23-7A169B8CC724}" = GhostScript "{8FE60B86-0B99-426D-8DBE-BEC526FDED71}" = Roxio Secure Burn "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010 
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A423A4FF-D143-4563-B910-3FC94CB6E85B}" = FilZip "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB4CC828-05EE-4A9B-9097-E0308C27ECCB}" = HP Connection Manager "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio Audio Module "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio Copy Module "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn "{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010 "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}" = HP System Default Settings "{CB7253BF-3096-462F-924B-3B800C905D98}" = SolidWorks viewer "{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F24F876B-7D71-4BD6-88E9-614D3BB84228}" = Alcor Micro Smart Card Reader Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DivX Setup" = DivX Setup "Foxit Reader_is1" = Foxit Reader "Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "FreePDF_XP" = FreePDF (Remove only) "Google Chrome" = Google Chrome "InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}" = Theft Recovery for HP ProtectTools "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Malwarebytes' 
Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager "PDF Complete" = PDF Complete Corporate Edition "Sage ProConcept ERP Client_is1" = Sage PCE2003 Client v3.9.5 "SZCCID" = Alcor Micro Smart Card Reader Driver "VLC media player" = VLC media player 2.0.6 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client "Neoteris_Host_Checker" = Juniper Networks Host Checker ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.04.2013 14:53:19 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10 Description = Error - 02.04.2013 02:37:51 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10 Description = Error - 02.04.2013 02:58:46 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 02.04.2013 04:38:07 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307 Description = Error - 02.04.2013 04:38:08 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307 Description = Error - 02.04.2013 04:38:11 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307 Description = Error - 02.04.2013 04:38:13 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307 Description = Error - 02.04.2013 09:06:17 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PC_ExeComObjLauncher.exe, Version: 3.9.5.226, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: 
rtl100.bpl, Version: 10.0.2288.42451, Zeitstempel: 0x443760d4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000065c2 ID des fehlerhaften Prozesses: 0xad4 Startzeit der fehlerhaften Anwendung: 0x01ce2f7f1a479f0b Pfad der fehlerhaften Anwendung: \\Bh-srv08\pcs$\exe\PC_ExeComObjLauncher.exe Pfad des fehlerhaften Moduls: \\Bh-srv08\pcs$\exe\rtl100.bpl Berichtskennung: 1a2357be-9b96-11e2-9548-a0b3ccc9b207 Error - 03.04.2013 01:10:35 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10 Description = Error - 03.04.2013 01:13:51 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 27.08.2012 01:29:33 | Computer Name = bhbe-mob007.ad.bierihydraulik.com | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe 
Format: de-DE RAM: 3977 Ram Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 29.08.2012 01:44:41 | Computer Name = NBCHLFL001007.ch-bi.hydac.int | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 3977 Ram Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 13.11.2012 13:19:48 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = HPSF.exe | ID = 4000 Description = [ HP Connection Manager Events ] Error - 23.04.2013 01:16:15 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5 Description = 2013.04.23 
07:16:15.219|000010A4|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 23.04.2013 01:16:17 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5 Description = 2013.04.23 07:16:17.124|000010A4|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 24.04.2013 01:12:40 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5 Description = 2013.04.24 07:12:40.319|000007A8|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 24.04.2013 01:12:42 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5 Description = 2013.04.24 07:12:42.202|000007A8|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 25.04.2013 01:11:59 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5 Description = 2013.04.25 07:11:59.565|00001C88|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 25.04.2013 01:12:01 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5 Description = 2013.04.25 07:12:01.500|00001C88|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 26.04.2013 01:17:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5 Description = 2013.04.26 
07:17:23.286|00001F28|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 26.04.2013 01:17:25 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5 Description = 2013.04.26 07:17:25.173|00001F28|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 26.04.2013 05:12:44 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5 Description = 2013.04.26 11:12:44.555|00001D28|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 26.04.2013 05:12:46 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5 Description = 2013.04.26 11:12:46.456|00001D28|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE [ HP Software Framework Events ] Error - 25.04.2013 01:11:01 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5 Description = 2013.04.25 07:11:01.748|00001F6C|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' Error - 25.04.2013 01:11:52 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5 Description = 2013.04.25 07:11:52.168|00001ECC|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' Error - 25.04.2013 
01:11:58 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5 Description = 2013.04.25 07:11:58.067|00001AEC|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' Error - 25.04.2013 10:04:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5 Description = 2013.04.25 16:04:23.913|00001F40|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. Error - 25.04.2013 10:04:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5 Description = 2013.04.25 16:04:23.929|00001F40|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the Wireless.GlobalChanged.2.0 event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
Error - 26.04.2013 01:16:36 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5 Description = 2013.04.26 07:16:36.012|00001DB4|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' Error - 26.04.2013 01:17:16 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5 Description = 2013.04.26 07:17:16.535|000019A0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' Error - 26.04.2013 01:17:21 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5 Description = 2013.04.26 07:17:21.789|00000FA0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' Error - 26.04.2013 05:11:59 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5 Description = 2013.04.26 11:11:59.946|000011A8|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' Error - 26.04.2013 05:12:38 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5 Description = 2013.04.26 11:12:38.073|00000B34|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' [ System Events ] Error - 07.10.2012 15:01:57 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID 
= 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error - 07.10.2012 15:03:06 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error - 07.10.2012 15:05:56 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Roxio Burn Launcher" wurde nicht richtig gestartet. Error - 08.10.2012 01:45:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne HYDACCH-BI aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. 
Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error - 08.10.2012 01:45:24 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7000 Description = Der Dienst "hpHotkeyMonitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 12:47:26 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne HYDACCH-BI aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error - 08.10.2012 12:47:27 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7000 Description = Der Dienst "hpHotkeyMonitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.10.2012 12:48:09 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. 
Error - 08.10.2012 12:48:50 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error - 08.10.2012 12:51:55 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Roxio Burn Launcher" wurde nicht richtig gestartet. < End of report >
Edited by palomino165 (26.04.2013 at 10:38) Reason: extra log attached |
26.04.2013, 12:12 | #2 |
| Laptop crash - Blue Screen -> Malware? Unfortunately I can't post a Gmer log, because the program crashes while scanning. See the attached pictures. |
28.04.2013, 16:02 | #3 |
/// Helper Team | Laptop crash - Blue Screen -> Malware? The cleanup consists of several steps that have to be carried out. Work through them one after the other and paste the 3 logs that are created into your next reply. If the OTL fix did not run through properly, do not continue; please report it instead.
Step 1: Fix with OTL. Download OTL by OldTimer (if you don't have it yet) and save it to your desktop (not anywhere else).
Code:
:OTL
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\OehmenL\*.tmp
C:\Users\OehmenL\AppData\*.dll
C:\Users\OehmenL\AppData\*.exe
C:\Users\OehmenL\AppData\Local\Temp\*.exe
C:\Users\OehmenL\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers following along: the OTL script above was created exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!
Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Afterwards:
Step 3: Please download AdwCleaner to your desktop.
|
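To make visible what the OTL script in step 1 changes, here is an added Python example (not OTL's own code) that parses the posted fix script, separates autorun entries, policy values, file globs and commands, and flags the two policy lines as settings that weaken the machine (PromptOnSecureDesktop = 0 takes the UAC prompt off the secure desktop, NoWindowsUpdate = 1 blocks Windows Update for that user). It assumes that a trailing "/c" in the :Files section means "run this line as a command", which the OTL log posted later in the thread confirms.

```python
"""Summarize what an OTL fix script would change and flag policy values
that weaken the machine. Added example, not OTL's own code; the script
below is the one posted in the thread, embedded so this runs offline."""
import re

SAMPLE_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\OehmenL\*.tmp
C:\Users\OehmenL\AppData\*.dll
C:\Users\OehmenL\AppData\*.exe
C:\Users\OehmenL\AppData\Local\Temp\*.exe
C:\Users\OehmenL\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
"""

SECTION_RE = re.compile(r"^:(\w+)$")
# "O4 - HKLM..\Run: [Name] C:\path\prog.exe (Company)" or
# "O6 - HKLM\...\policies\System: ValueName = data"
OLINE_RE = re.compile(r"^(O\d+) - (.+?): (.+)$")
RUN_RE = re.compile(r"^\[(.+?)\] (.+?)( \([^()]*\)| File not found)?$")
POLICY_RE = re.compile(r"^(\w+) = (\S+)$")

# Policy data that lowers protection when it holds the value OTL found.
# Both entries are from the posted script; meanings are standard Windows
# policy semantics for these values.
WEAKENING_POLICIES = {
    ("System", "PromptOnSecureDesktop", "0"):
        "UAC prompt shown on the normal desktop, where other processes "
        "can overlay or automate it",
    ("Explorer", "NoWindowsUpdate", "1"):
        "Windows Update blocked for this user, so patches stop arriving",
}


def split_sections(text):
    """Group the script's lines under their ':Section' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def summarize_fix(text):
    """Return the autoruns, policies, file globs and commands the fix touches."""
    sections = split_sections(text)
    out = {"autoruns": [], "policies": [], "files": [], "commands": []}
    for line in sections.get("OTL", []):
        m = OLINE_RE.match(line)
        if not m:
            continue
        code, target, rest = m.groups()
        if code == "O4":                       # Run-key autostart entry
            rm = RUN_RE.match(rest)
            if rm:
                name, path, tail = rm.groups()
                out["autoruns"].append({
                    "hive": target.split("..")[0], "name": name, "path": path,
                    "missing": tail == " File not found",
                })
        elif code in ("O6", "O7"):             # HKLM / HKCU policy value
            pm = POLICY_RE.match(rest)
            if pm:
                name, value = pm.groups()
                leaf = target.rsplit("\\", 1)[-1]
                out["policies"].append({
                    "key": target, "name": name, "value": value,
                    "weakens": WEAKENING_POLICIES.get((leaf, name, value)),
                })
    for line in sections.get("Files", []):
        # A trailing " /c" in :Files makes OTL run the line as a command
        # (assumption; the posted log shows "< ipconfig /flushdns /c >" run).
        if line.endswith(" /c"):
            out["commands"].append(line[:-3])
        else:
            out["files"].append(line)
    out["commands"] += sections.get("Commands", [])
    return out


if __name__ == "__main__":
    for p in summarize_fix(SAMPLE_SCRIPT)["policies"]:
        print(p["name"], "=", p["value"], "->", p["weakens"] or "neutral")
```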
29.04.2013, 08:11 | #4 |
| Laptop crash - Blue Screen -> Malware? Many thanks for the instructions! First, here is the OTL log: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate deleted successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\OehmenL\*.tmp not found. File\Folder C:\Users\OehmenL\AppData\*.dll not found. File\Folder C:\Users\OehmenL\AppData\*.exe not found. File\Folder C:\Users\OehmenL\AppData\Local\Temp\*.exe not found. File\Folder C:\Users\OehmenL\AppData\LocalLow\Sun\Java\Deployment\cache not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\oehmenl\Desktop\cmd.bat deleted successfully. C:\Users\oehmenl\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 5565179 bytes ->Temporary Internet Files folder emptied: 74074 bytes User: admin_furkank ->Temp folder emptied: 197505810 bytes ->Temporary Internet Files folder emptied: 18507670 bytes ->FireFox cache emptied: 6538366 bytes User: All Users User: biglern ->Temp folder emptied: 2349252 bytes ->Temporary Internet Files folder emptied: 34064 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: furkan ->Temp folder emptied: 2096198 bytes ->Temporary Internet Files folder emptied: 34064 bytes User: holzd ->Temp folder emptied: 2349114 bytes ->Temporary Internet Files folder emptied: 34064 bytes User: oehmenl ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 216108404 bytes ->FireFox cache emptied: 112167159 bytes ->Google Chrome cache emptied: 9363628 bytes ->Flash cache emptied: 3152 bytes User: Public User: stüssif ->Flash cache emptied: 1280 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 298544157 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85029 bytes RecycleBin emptied: 67029374 bytes Total Files Cleaned = 895.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04292013_090444 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...
Here is the log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.03.22.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 oehmenl :: NBCHLFL001008 [administrator] 29.04.2013 09:23:04 mbar-log-2013-04-29 (09-23-04).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 32689 Time elapsed: 9 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v2.300 - Datei am 29/04/2013 um 09:27:14 erstellt # Aktualisiert am 28/04/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : oehmenl - NBCHLFL001008 # Bootmodus : Normal # Ausgeführt unter : C:\Users\oehmenl\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\oehmenl\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\oehmenl\AppData\Roaming\dvdvideosoftiehelpers ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16447 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (de) Datei : 
C:\Users\stüssif\AppData\Roaming\Mozilla\Firefox\Profiles\ofkw48tj.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\admin_furkank\AppData\Roaming\Mozilla\Firefox\Profiles\98zfjjl9.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\oehmenl\AppData\Roaming\Mozilla\Firefox\Profiles\5rtlgijc.default\prefs.js Gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=936[...] -\\ Google Chrome v26.0.1410.64 Datei : C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.2364] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f[...] Gelöscht [l.3157] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=[...] ************************* AdwCleaner[S1].txt - [5111 octets] - [29/04/2013 09:27:14] ########## EOF - C:\AdwCleaner[S1].txt - [5171 octets] ########## |
29.04.2013, 09:31 | #5 |
/// Helper Team | Laptop crash - Blue Screen -> Malware? You didn't update MBAR beforehand. Again. |
29.04.2013, 09:44 | #6 |
| Laptop crash - Blue Screen -> Malware? Thanks for the hint! Updated now, same message: Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.04.29.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 OehmenL :: NBCHLFL001008 [administrator] 29.04.2013 10:43:19 mbar-log-2013-04-29 (10-43-19).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 32834 Time elapsed: 9 minute(s), 8 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
I mean: adwcleaner |
29.04.2013, 13:30 | #7 |
/// Helper Team | Laptop crash - Blue Screen -> Malware? Very good! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan. Afterwards: ESET Online Scanner
Afterwards: Please download SecurityCheck and:
|
29.04.2013, 15:27 | #8 |
| Laptop crash - Blue Screen -> Malware? Here is the asw log: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-29 15:45:26 ----------------------------- 15:45:26.942 OS Version: Windows x64 6.1.7601 Service Pack 1 15:45:26.942 Number of processors: 4 586 0x3A09 15:45:26.942 ComputerName: NBCHLFL001008 UserName: oehmenl 15:45:27.410 Initialize success 16:22:57.386 The log file has been saved successfully to "C:\Users\oehmenl\Desktop\aswMBR.txt" aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-29 16:25:23 ----------------------------- 16:25:23.644 OS Version: Windows x64 6.1.7601 Service Pack 1 16:25:23.644 Number of processors: 4 586 0x3A09 16:25:23.644 ComputerName: NBCHLFL001008 UserName: oehmenl 16:25:23.925 Initialize success 16:25:28.441 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:25:28.441 Disk 0 Vendor: MTFDDAK1 0809 Size: 122104MB BusType: 3 16:25:28.456 Disk 0 MBR read successfully 16:25:28.456 Disk 0 MBR scan 16:25:28.456 Disk 0 Windows 7 default MBR code 16:25:28.456 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048 16:25:28.456 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 98372 MB offset 616448 16:25:28.456 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21382 MB offset 202082304 16:25:28.456 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2041 MB offset 245872640 16:25:28.472 Disk 0 scanning C:\windows\system32\drivers 16:25:34.868 Service scanning 16:25:38.581 Modules scanning 16:25:38.581 Disk 0 trace - called modules: 16:25:38.597 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll 16:25:38.597 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006881060] 16:25:38.612 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8006774b10] 16:25:38.612 5 hpdskflt.sys[fffff88001a31299] -> nt!IofCallDriver -> [0xfffffa80042ef720] 16:25:38.628 7 ACPI.sys[fffff88000fa27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80043db050] 16:25:38.628 Scan finished successfully 
16:26:02.246 Disk 0 MBR has been saved successfully to "C:\Users\oehmenl\Desktop\MBR.dat" 16:26:02.246 The log file has been saved successfully to "C:\Users\oehmenl\Desktop\aswMBR.txt" |
29.04.2013, 20:27 | #9 |
/// Helper Team | Laptop crash - Blue Screen -> Malware? The remaining logs? |
30.04.2013, 10:33 | #10 |
| Laptop crash - Blue Screen -> Malware? Here is the ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=d6b86da6feac6e4baf224831e42f1698 # engine=13723 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-04-30 09:25:52 # local_time=2013-04-30 11:25:52 (+0100, Mitteleuropäische Sommerzeit) # country="Switzerland" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 22792744 118943802 0 0 # scanned=160154 # found=0 # cleaned=0 # scan_time=12191 Code:
Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` McAfee VirusScan Enterprise Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.7.700.169 Adobe Reader XI Mozilla Firefox (20.0.1) Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` McAfee VirusScan Enterprise VsTskMgr.exe McAfee VirusScan Enterprise mfeann.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
Edited by palomino165 (30.04.2013 at 11:18) Reason: after updating FF and Adobe |
30.04.2013, 18:26 | #11 |
/// Helper Team | Laptop crash - Blue Screen -> Malware? Work through this: http://www.trojaner-board.de/126216-...epair-aio.html then: Please download Farbar Service Scanner
Please post the contents here. |
01.05.2013, 07:20 | #12 |
| Laptop crash - Blue Screen -> Malware? Now my computer is completely dead. Doesn't make a sound. It no longer finds the boot sector. I'll get back to you as soon as I've fixed that. Until then, many thanks for your efforts. Regards, Pal |
01.05.2013, 09:09 | #13 |
/// Helper Team | Laptop crash - Blue Screen -> Malware? Were there problems with the disk? |
01.05.2013, 09:52 | #14 |
| Laptop crash - Blue Screen -> Malware? Yes, unfortunately. It's completely dead. No access any more :-( |
02.05.2013, 14:25 | #15 |
/// Helper Team | Laptop crash - Blue Screen -> Malware? That's unfortunate, of course. Read errors will probably have caused the crashes and blue screens. |