| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner eingefangen? Avira sagt TR/VundoWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.07.2013, 18:54
| #1 |
 |  Trojaner eingefangen? Avira sagt TR/Vundo Hi, hab mir wohl was eingefangen. Avira meldet TR/Vundo.A.658 in C:Users\...\Downloads\folder_depressionen_pilgerreise.zip Mehr folgt gleich... defogger --> keine Meldung / Neustart Code:
ATTFilter OTL logfile created on: 18.07.2013 19:58:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,94 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 44,34% Memory free 7,87 Gb Paging File | 4,90 Gb Available in Paging File | 62,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 571,86 Gb Total Space | 501,29 Gb Free Space | 87,66% Space Free | Partition Type: NTFS Drive E: | 19,02 Gb Total Space | 2,90 Gb Free Space | 15,25% Space Free | Partition Type: NTFS Drive F: | 4,98 Gb Total Space | 2,10 Gb Free Space | 42,22% Space Free | Partition Type: FAT32 Computer Name: ...-HP | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.18 19:57:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Downloads\OTL.exe PRC - [2013.06.24 11:13:38 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.24 11:13:14 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.06.24 11:13:07 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2013.06.24 11:13:06 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.24 11:13:06 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.24 11:13:05 | 000,654,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2013.03.20 13:55:48 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2012.06.20 13:57:22 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe PRC - [2012.05.16 15:27:02 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2012.04.05 17:41:46 | 001,323,008 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.08.11 19:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011.05.23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011.03.16 11:26:42 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe PRC - [2011.03.16 11:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2011.02.12 06:07:16 | 000,820,048 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe PRC - [2011.02.07 21:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe PRC - [2011.02.07 21:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe PRC - [2011.01.26 19:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.01.26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.01.17 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.01.17 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.12 21:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe PRC - [2011.01.07 05:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2010.11.29 21:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe ========== Modules (No Company Name) ========== MOD - [2013.07.13 09:12:03 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1773f7168685423c144d14727e45be6f\IAStorUtil.ni.dll MOD - [2013.07.13 09:12:03 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll MOD - [2013.07.13 09:00:12 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll MOD - [2013.07.13 08:59:51 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.13 08:59:46 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.13 08:59:33 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013.07.13 08:59:29 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.13 08:59:27 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013.07.13 08:59:26 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.13 08:59:22 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2012.08.27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.12.23 00:46:31 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.09.05 09:57:34 | 000,366,136 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2012.08.16 09:43:40 | 000,308,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2012.08.16 09:43:40 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2012.04.05 17:41:46 | 001,323,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent) SRV:64bit: - [2012.02.28 13:15:16 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2011.10.13 18:30:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.07.15 14:09:38 | 000,137,272 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2011.02.12 06:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2011.01.22 04:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV - [2013.06.24 11:13:38 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.24 11:13:14 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.06.24 11:13:07 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013.06.24 11:13:06 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.24 11:13:05 | 000,654,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2013.06.12 20:16:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.20 13:57:22 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2012.05.16 15:27:02 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.09.05 09:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK) SRV - [2011.08.11 19:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011.05.23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011.03.16 11:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2011.03.07 22:48:10 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService) SRV - [2011.02.07 21:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2011.01.26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.01.22 04:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2011.01.17 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.01.17 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.12 21:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2011.01.07 05:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.01.07 05:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.11.29 21:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010.11.11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture) SRV - [2010.09.30 23:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 20:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.27 14:49:23 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.27 14:49:23 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.27 14:49:23 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.12 18:16:01 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2013.02.12 18:16:01 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.16 09:43:40 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012.08.16 09:41:59 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.07.09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.04.05 18:33:24 | 000,100,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal) DRV:64bit: - [2012.04.05 18:32:56 | 000,158,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.28 13:15:16 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2012.02.28 13:15:16 | 000,029,976 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.10.13 19:37:30 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.13 17:52:50 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.31 15:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.08.31 15:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.08.04 05:57:04 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.07.25 19:25:59 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.25 19:25:59 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.05.10 01:16:08 | 000,064,312 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv) DRV:64bit: - [2011.01.31 12:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.07 05:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.01.07 05:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.01.07 05:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.01.07 05:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.01.07 05:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.01.07 05:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.01.07 05:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.12.21 19:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.12.03 03:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2010.11.30 18:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.11 09:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM) DRV:64bit: - [2010.10.20 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=hp&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\...\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\...\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.12.23 01:59:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\youlyrics@ulyrics.com: C:\Program Files (x86)\uLyrics\116.xpi [2013.07.02 08:24:08 | 000,005,783 | ---- | M] () [2013.03.21 08:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Web (Enabled) CHR - default_search_provider: search_url = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=hp&fr=linkury-tb&installDate=01/01/1970&type=hp1000 CHR - plugin: Shockwave Flash (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Free Studio (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.11.21.5_0\plugins/np-cwmp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\...\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: The West - tw-db.info Cloth Calc [de] = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\biojffhakhimdppdclpmamhajglieeia\1.0_0\ CHR - Extension: Adblock Plus = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\ CHR - Extension: The West = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkgeioneoemibpddeiamfgiofnpjifm\1.5_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (You Lyrics) - {A912F346-A598-4807-93F8-41015AC9DEF2} - C:\Program Files (x86)\uLyrics\116.dll (nanDi Software) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Iminent] File not found O4 - HKLM..\Run: [IminentMessenger] File not found O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9017505A-B4A2-4FC9-9802-308D33AC5FE7}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.02 08:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uLyrics [2013.06.27 08:03:58 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Diagnostics [5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.18 20:01:00 | 000,000,268 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job [2013.07.18 19:55:43 | 000,000,000 | ---- | M] () -- C:\Users\...\defogger_reenable [2013.07.18 19:44:11 | 000,001,144 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002UA.job [2013.07.18 19:44:06 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.07.18 19:44:05 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.07.18 19:43:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.07.18 09:26:03 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002Core.job [2013.07.18 08:32:34 | 000,028,352 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.18 08:32:34 | 000,028,352 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.18 08:31:49 | 000,000,384 | ---- | M] () -- C:\windows\tasks\You Lyrics Update.job [2013.07.18 08:07:07 | 4226,134,016 | -HS- | M] () -- C:\hiberfil.sys [2013.07.14 21:03:07 | 000,053,255 | ---- | M] () -- C:\Users\...\Desktop\sol_spo10131202-6040_pic1_1.jpg [2013.07.13 09:21:03 | 000,002,400 | ---- | M] () -- C:\Users\...\Desktop\Google Chrome.lnk [2013.07.13 08:54:12 | 000,276,904 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.07.13 08:47:30 | 001,636,028 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.07.13 08:47:30 | 000,697,322 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.07.13 08:47:30 | 000,652,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.07.13 08:47:30 | 000,148,328 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.07.13 08:47:30 | 000,121,274 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.07.12 15:00:27 | 000,016,335 | ---- | M] () -- C:\Users\...\Desktop\nistkasten-a.jpg [2013.07.12 14:54:06 | 000,013,719 | ---- | M] () -- C:\Users\...\Desktop\motivstempel2862700_220.jpg [2013.07.10 08:24:53 | 000,007,004 | ---- | M] () -- C:\Users\...\Documents\cc_20130710_082450.reg [2013.07.09 08:04:34 | 000,000,356 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor....job [2013.07.03 12:54:51 | 000,826,256 | ---- | M] () -- C:\Users\...\Desktop\FCB KidsClub Anmeldung_Download.pdf [2013.07.02 20:55:52 | 000,023,748 | ---- | M] () -- C:\Users\...\Desktop\Sonne.gif [2013.07.02 13:07:27 | 000,000,354 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor...-HP$.job [2013.07.01 14:17:27 | 000,007,816 | ---- | M] () -- C:\Users\...\Desktop\ritterwaffen4.gif [2013.06.30 13:51:38 | 000,013,148 | ---- | M] () -- C:\Users\...\Documents\cc_20130630_135134.reg [2013.06.30 13:47:54 | 000,001,158 | ---- | M] () -- C:\Users\...\Desktop\Evernote.lnk [2013.06.27 15:01:51 | 000,511,374 | ---- | M] () -- C:\Users\...\Desktop\christbaumschmuck-vorlage-stern.jpg [2013.06.27 14:57:57 | 000,058,117 | ---- | M] () -- C:\Users\...\Desktop\9309-1.jpg [2013.06.27 09:04:41 | 000,005,198 | ---- | M] () -- C:\Users\...\Documents\NewDatabase.kdbx [2013.06.24 11:13:49 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys [5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.18 19:55:43 | 000,000,000 | ---- | C] () -- C:\Users\...\defogger_reenable [2013.07.14 21:03:07 | 000,053,255 | ---- | C] () -- C:\Users\...\Desktop\sol_spo10131202-6040_pic1_1.jpg [2013.07.12 15:00:27 | 000,016,335 | ---- | C] () -- C:\Users\...\Desktop\nistkasten-a.jpg [2013.07.12 14:54:05 | 000,013,719 | ---- | C] () -- C:\Users\...\Desktop\motivstempel2862700_220.jpg [2013.07.10 08:24:51 | 000,007,004 | ---- | C] () -- C:\Users\...\Documents\cc_20130710_082450.reg [2013.07.03 12:54:50 | 000,826,256 | ---- | C] () -- C:\Users\...\Desktop\FCB KidsClub Anmeldung_Download.pdf [2013.07.02 20:55:51 | 000,023,748 | ---- | C] () -- C:\Users\...\Desktop\Sonne.gif [2013.07.02 08:24:08 | 000,000,384 | ---- | C] () -- C:\windows\tasks\You Lyrics Update.job [2013.07.01 14:17:25 | 000,007,816 | ---- | C] () -- C:\Users\...\Desktop\ritterwaffen4.gif [2013.06.30 13:51:37 | 000,013,148 | ---- | C] () -- C:\Users\...\Documents\cc_20130630_135134.reg [2013.06.30 13:47:54 | 000,001,158 | ---- | C] () -- C:\Users\...\Desktop\Evernote.lnk [2013.06.27 15:01:51 | 000,511,374 | ---- | C] () -- C:\Users\...\Desktop\christbaumschmuck-vorlage-stern.jpg [2013.06.27 14:57:54 | 000,058,117 | ---- | C] () -- C:\Users\...\Desktop\9309-1.jpg [2013.06.01 19:30:45 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat [2013.03.29 09:03:08 | 000,114,176 | ---- | C] () -- C:\Users\...\AppData\Roaming\BabMaint.exe [2012.12.26 16:51:05 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.05.19 09:45:07 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbhiec.sys [2012.05.19 09:27:27 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012.05.19 09:24:32 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat [2012.05.19 09:22:56 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe [2012.05.19 09:22:56 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2012.05.18 23:45:41 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012.05.18 23:45:38 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012.05.18 23:45:37 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.05.18 23:45:36 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2012.05.18 23:45:35 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll [2012.05.18 23:45:33 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat [2012.05.18 23:45:33 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2012.05.18 23:45:32 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011.12.23 02:31:11 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbhjda.sys [2011.12.23 02:00:14 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbhjdi.sys [2011.12.23 01:32:29 | 001,641,654 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.10.14 00:53:18 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll [2011.10.14 00:53:02 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll [2011.09.05 09:57:34 | 000,366,136 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll [2011.08.30 10:08:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign [2011.08.30 10:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign [2011.08.30 10:08:48 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.21 08:54:54 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\BabSolution [2013.03.21 08:54:05 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Babylon [2013.01.25 17:15:57 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Canneverbe Limited [2013.05.25 11:50:31 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\CasinoOnNet [2012.08.03 12:36:49 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DigitalPersona [2013.05.27 18:04:01 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoft [2013.05.27 18:03:53 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers [2013.07.12 11:34:06 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\eM Client [2012.12.26 19:33:28 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\IDT [2012.12.04 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\JDownloaderDownloadManagerPackages [2013.07.18 08:51:57 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\KeePass [2013.05.27 18:04:00 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\OpenCandy [2013.07.14 22:41:09 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\SoftGrid Client [2012.09.03 20:09:22 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Sports Interactive [2012.08.03 13:03:08 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Synaptics [2013.02.25 12:29:31 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TP [2012.09.21 09:11:37 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TuneUp Software [2012.08.15 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.07.2013 19:58:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,94 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 44,34% Memory free
7,87 Gb Paging File | 4,90 Gb Available in Paging File | 62,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 571,86 Gb Total Space | 501,29 Gb Free Space | 87,66% Space Free | Partition Type: NTFS
Drive E: | 19,02 Gb Total Space | 2,90 Gb Free Space | 15,25% Space Free | Partition Type: NTFS
Drive F: | 4,98 Gb Total Space | 2,10 Gb Free Space | 42,22% Space Free | Partition Type: FAT32
Computer Name: ...-HP | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09D5E92C-9791-405E-A0A1-B73C546CB6D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A66CA2F-2822-46A9-B673-01CEBCB0B63B}" = lport=138 | protocol=17 | dir=in | app=system |
"{0C6D07A8-69DF-4038-AF80-E7966D4B95CB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{32367CD7-45D4-4E6E-A3BB-FFD5EC51894A}" = rport=137 | protocol=17 | dir=out | app=system |
"{4DACD88F-3D47-49FC-81EF-90EC7E64A13F}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B73E510-A817-40B7-937F-6E1CBFA227B2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5F2746D2-77AF-49D8-89F3-8329D5C0B04B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67FA5E85-ADF6-46E0-BDE6-C9BE8324A600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F2E5DBC-58F1-40C4-B703-FB8FA5D0DD95}" = lport=139 | protocol=6 | dir=in | app=system |
"{825328EA-FBFE-4E2D-A611-202DA339AAD9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D1E0E91-816E-4591-8E49-398DD4D99F00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D82F385-8F1A-4690-A05C-CFB3E783FB5B}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E04BE72-AA66-49FF-B214-4E779E5C8D55}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A35FFDDC-57F9-4B2E-B033-34354A8DCCCC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A935EB7A-C213-4B74-9677-B703D62808FE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AAFFA943-7250-469A-9357-D8A2D670FE9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC0A3931-9A2E-44E0-A864-1FF6093444A3}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC7EF3E1-4A8B-4B9B-96C0-CC21988EAF28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BD4A620D-5172-4205-A303-2750360B1325}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D41BE5BE-0A6A-42BC-AEE8-F23C48E22DC7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E591F675-0766-4445-9BB8-9305D4D8E9F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDE40917-51BD-429A-BD19-E0229A8CD685}" = rport=445 | protocol=6 | dir=out | app=system |
"{F3404970-E343-45B5-A8A8-06C82A1B82BE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{138B5B7A-71E1-4749-A64E-3AF23EA28B0E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D37D19F-C842-42CE-B41F-D34F8D60C676}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{228F815F-8F6A-43C1-9354-0917227BCF2C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{268C4A6C-0DCE-41B9-A312-C57A7E56A51A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{333627FA-501F-418B-9C71-F64C9EE00B23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47C0F99A-1EC7-43B3-8DF6-A9AC8C3840A1}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{51262582-3F16-4931-AA57-9459F5BDA7E0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{51F48D5C-9878-473E-9925-68527BE64635}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{52675932-A25B-43EF-8BB6-4F49E6D7110F}" = protocol=6 | dir=out | app=system |
"{58B364E8-59D6-4CC3-BB5E-8C78233BAEBF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6000FB83-B7AD-4F8B-9310-DA429E39818F}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"{61EA9F9B-2B12-44F5-8A83-03BE4356C04E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6621751D-47AC-41BD-8641-D1FDDB34827F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{699AAB7B-E805-4E74-98AB-B6DC1DFC60E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BCD83A3-C1B9-4940-A194-50094E707A84}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BD543F4-FE5E-4117-BAF5-973C1A1D5F27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70332A3D-D72D-45E7-9587-E2FEE198C27D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{754F4F05-7B29-4D81-A636-6398A6BD2156}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{75A19065-15DA-4206-9714-8158A0A69143}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7C69DCED-EC5A-4EF5-823F-0A4F4E3CA271}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7EA49265-CD52-4477-A4DE-8F8DC1CA8F54}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8298B7C2-8F0F-475A-B35F-3D3981AE2407}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{8B574BC1-1884-43D5-B5CD-DD120C95CFD9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9F52E307-B6E5-4437-BE59-693C10947B30}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A613DC2C-67A2-4CBB-81D4-3DA73F8B137E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1BAF092-EEF4-4F4E-B335-5D0736EE2703}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E55A3DDC-F271-40EC-A9E1-00DDF2E18D8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC1BAF52-F6FC-4FB7-B649-CDC6A06954CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FBB69027-E26F-46AC-AC77-9FA7E4F2DC30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF4648AF-6AF4-4759-A48D-91D79F6DB316}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2E432B60-2AD4-4F05-BD95-4C6308D34AAB}C:\users\...\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\...\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{5B3BBD01-48FC-41D5-AA60-C91199221D04}C:\users\...\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\...\appdata\local\google\chrome\application\chrome.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03520551-508E-EDCA-4A14-90C706A54A41}" = AMD Catalyst Install Manager
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2C233758-BD55-8F3F-4BBE-0A11B833CB96}" = ccc-utility64
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3D2D0DB9-5199-4A77-B6D3-646693FAE63C}" = AMD Media Foundation Decoders
"{422BA615-2133-4DC0-8673-09C8CC7557F2}" = HP ProtectTools Security Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65C1BEAD-B50B-498C-BB6B-CDE4F30584B1}" = HP 3D DriveGuard
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{8BE2A226-3A4A-4CB5-AC13-0207F83CACA1}" = Studie zur Verbesserung von HP Deskjet 3050A J611 series Produkten
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}" = Privacy Manager for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{D8057953-CCF0-48B3-B61D-762C580B2A10}" = HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät
"{D9355D03-2C06-401B-8A16-F6500379AE21}" = HP Power Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"CCleaner" = CCleaner
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D02198-001C-FB17-9280-756444349E29}" = CCC Help Portuguese
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{110A6D3A-A966-992B-173F-6D4A6A93A7F3}" = CCC Help Chinese Traditional
"{118D6CE9-5F18-42F9-958A-14676A629FDE}" = Iminent
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D899D7-CF47-8DEC-4976-F8CB8DAD6C61}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2396EE07-88BE-67F0-229D-E46088C86AC1}" = Catalyst Control Center Graphics Previews Common
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3327995E-0937-0BB1-F258-711F165E096F}" = CCC Help Japanese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3A53DC94-79F4-2141-772A-569A7FCD38A9}" = Catalyst Control Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F437675-F102-4866-BDE1-FFFC7B45EC0B}" = HP QuickWeb
"{4114A073-7385-4742-8A5E-A5788FAC838F}" = ArcSoft TotalMedia
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48B40F85-4F69-456F-82EB-E3DCCA15E9F0}" = CCC Help Finnish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{501B8F04-368E-A540-2E46-19A44FDF7109}" = Catalyst Control Center Profiles Mobile
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DF24781-FA89-2E36-3FDE-D3974BCB5675}" = CCC Help Danish
"{610C146B-F818-BD30-C0F1-7D6E46EEC025}" = CCC Help Spanish
"{6357258D-2BF9-49E7-A9EF-0C609D52C46D}" = HP ESU for Microsoft Windows 7
"{638FCD4E-0EA4-4EC2-6C06-FC1A06BAB336}" = CCC Help Korean
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{670B9685-76B4-0E94-99F8-92FCBFAF3547}" = CCC Help English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{692C218E-34B2-1D36-670D-9AB3A8D107BC}" = CCC Help Chinese Standard
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A822F2F-8C69-4095-8B18-32326C49B0ED}" = CCC Help Swedish
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
"{7C62B5F1-938A-50F9-78AF-4143E9604507}" = CCC Help Czech
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96F82870-A977-2AE6-BAF0-04B143412099}" = CCC Help Hungarian
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Hilfe
"{99BBECCE-5865-B26C-912A-0B339081F799}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1525FFC-6691-BCC7-CBFF-CDCF47BC606C}" = CCC Help Greek
"{B2506DF2-78E6-8C09-A40D-EA92DB0FA5F0}" = CCC Help Russian
"{B6B16F49-0533-8772-7C20-09C241847185}" = CCC Help Turkish
"{B78F6C6D-3EFB-B64D-FE49-C6318FDD116E}" = CCC Help German
"{B975C052-531D-97C0-AB47-EB6BA7620887}" = Catalyst Control Center Localization All
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C33240AB-1F4B-4DE2-B1C7-54E0A182BB5D}" = Catalyst Control Center - Branding
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6A49140-A2D9-4CA4-BB92-2E1C8CBB6E16}" = HP Documentation
"{C7DF9961-9EB4-B130-D201-BE71591673F9}" = CCC Help French
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D26F9059-EDE3-4C80-B793-04AE9143F779}" = eM Client
"{D2A2E5CD-801A-4B8D-8119-F79449A09B67}" = HP System Default Settings
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB94388C-62E9-570D-2BD6-90864F7E1282}" = PX Profile Update
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E328DF8F-CD40-DE5A-E9D0-4367EBA5BD25}" = CCC Help Thai
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7EA2C61-4E65-AD62-B151-D517F37AFB80}" = CCC Help Polish
"{EAD66E57-B386-DB10-29F9-A5A75BC60952}" = CCC Help Dutch
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD53BD91-BAA5-2F85-315D-CD3816A280A6}" = CCC Help Italian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"5513-1208-7298-9440" = JDownloader 0.9
"888casino" = 888casino
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"Avira AntiVir Desktop" = Avira Internet Security
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"HP Photo Creations" = HP Photo Creations
"IMBoosterARP" = Iminent
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDF Complete" = PDF Complete Special Edition
"VIP Access SDK" = VIP Access SDK x64(1.0.0.50)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087380" = John Deere Drive Green
"WT087428" = Bejeweled 2 Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089362" = Agatha Christie - Peril at End House
"XobniMain" = Xobni
"youlyrics@ulyrics.com" = You Lyrics
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"JDownloader Download Manager Packages" = JDownloader Download Manager Packages
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.04.2013 04:50:54 | Computer Name = ...-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5102
Error - 25.04.2013 00:04:11 | Computer Name = ...-HP | Source = WinMgmt | ID = 10
Description =
Error - 25.04.2013 00:26:21 | Computer Name = ...-HP | Source = WinMgmt | ID = 10
Description =
Error - 25.04.2013 04:27:00 | Computer Name = ...-HP | Source = WinMgmt | ID = 10
Description =
Error - 25.04.2013 13:17:13 | Computer Name = ...-HP | Source = WinMgmt | ID = 10
Description =
Error - 25.04.2013 22:49:38 | Computer Name = ...-HP | Source = WinMgmt | ID = 10
Description =
Error - 26.04.2013 15:28:30 | Computer Name = ...-HP | Source = WinMgmt | ID = 10
Description =
Error - 27.04.2013 01:32:11 | Computer Name = ...-HP | Source = WinMgmt | ID = 10
Description =
Error - 28.04.2013 13:35:16 | Computer Name = ...-HP | Source = WinMgmt | ID = 10
Description =
Error - 28.04.2013 13:35:17 | Computer Name = ...-HP | Source = XobniService | ID = 0
Description = Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
[ Hewlett-Packard Events ]
Error - 29.04.2013 02:18:13 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4030 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 06.05.2013 02:57:41 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 13.05.2013 05:18:15 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 21.05.2013 01:41:16 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 27.05.2013 05:07:35 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 03.06.2013 02:30:28 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4030 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 17.06.2013 11:48:17 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4030 Ram Utilization: TargetSite: Void UpdateAndDetect()
Error - 24.06.2013 02:52:38 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 01.07.2013 03:20:08 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 08.07.2013 04:34:55 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4030 Ram Utilization: TargetSite: Void UpdateAndDetect()
[ HP Connection Manager Events ]
Error - 12.07.2013 15:20:32 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5
Description = 2013/07/12 21:20:32.565|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 13.07.2013 02:51:25 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5
Description = 2013/07/13 08:51:25.749|00001C3C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 13.07.2013 02:52:24 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5
Description = 2013/07/13 08:52:24.842|00001C3C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 13.07.2013 05:12:27 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5
Description = 2013/07/13 11:12:27.252|00001958|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 14.07.2013 16:41:27 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5
Description = 2013/07/14 22:41:27.685|00000B08|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15.07.2013 01:13:05 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5
Description = 2013/07/15 07:13:05.759|00001EC8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15.07.2013 15:08:16 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5
Description = 2013/07/15 21:08:16.333|00001E24|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15.07.2013 15:08:19 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5
Description = 2013/07/15 21:08:19.885|00001E24|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 17.07.2013 03:51:46 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5
Description = 2013/07/17 09:51:46.632|000019E4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 17.07.2013 14:41:13 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5
Description = 2013/07/17 20:41:13.379|00000C6C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
[ HP Power Assistant Events ]
Error - 28.06.2013 08:01:48 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020
Description = An error occured in HP Power Assistant application, module [HPPA_Main].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Power Control Settings: registry Threshold contains an
invalid value: 0
Error - 29.06.2013 00:44:09 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020
Description = An error occured in HP Power Assistant application, module [HPPA_Main].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Power Control Settings: registry Threshold contains an
invalid value: 0
Error - 29.06.2013 08:58:55 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020
Description = An error occured in HP Power Assistant application, module [HPPA_Main].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Power Control Settings: registry Threshold contains an
invalid value: 0
Error - 29.06.2013 17:44:01 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020
Description = An error occured in HP Power Assistant application, module [HPPA_Main].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Power Control Settings: registry Threshold contains an
invalid value: 0
Error - 30.06.2013 03:04:30 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020
Description = An error occured in HP Power Assistant application, module [HPPA_Main].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Power Control Settings: registry Threshold contains an
invalid value: 0
Error - 01.07.2013 01:42:12 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020
Description = An error occured in HP Power Assistant application, module [HPPA_Main].
Please
restart HP Power Assistant application. Additional details may be available in the
Details section. DETAILS Power Control Settings: registry Threshold contains an
invalid value: 0
Error - 02.07.2013 02:25:59 | Computer Name = ...-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS Level value needs to be an integer between 0 and 100, got 112UpdateBatteryPredictions()
has bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode
Error - 02.07.2013 02:26:58 | Computer Name = ...-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS Level value needs to be an integer between 0 and 100, got 110UpdateBatteryPredictions()
has bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode
Error - 02.07.2013 02:27:58 | Computer Name = ...-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS Level value needs to be an integer between 0 and 100, got 109UpdateBatteryPredictions()
has bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode
Error - 02.07.2013 02:28:58 | Computer Name = ...-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS Level value needs to be an integer between 0 and 100, got 108UpdateBatteryPredictions()
has bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode
[ HP Software Framework Events ]
Error - 08.06.2013 23:29:19 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.09 05:29:19.731|00001A54|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf
eine Objektinstanz festgelegt.
Error - 08.06.2013 23:29:20 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.09 05:29:20.105|00001A54|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
nicht auf eine Objektinstanz festgelegt.
Error - 12.06.2013 04:58:09 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.12 10:58:09.023|00001B54|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf
eine Objektinstanz festgelegt.
Error - 12.06.2013 04:58:09 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.12 10:58:09.085|00001B54|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
nicht auf eine Objektinstanz festgelegt.
Error - 12.06.2013 23:34:10 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.13 05:34:10.536|000012CC|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf
eine Objektinstanz festgelegt.
Error - 12.06.2013 23:34:11 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.13 05:34:11.050|000012CC|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
nicht auf eine Objektinstanz festgelegt.
Error - 24.06.2013 05:55:46 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.24 11:55:46.145|00001F5C|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf
eine Objektinstanz festgelegt.
Error - 29.06.2013 15:54:58 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.29 21:54:58.402|00001238|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf
eine Objektinstanz festgelegt.
Error - 29.06.2013 15:54:58 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.29 21:54:58.699|00001238|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
nicht auf eine Objektinstanz festgelegt.
Error - 08.07.2013 14:17:03 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.07.08 20:17:03.080|000012D0|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf
eine Objektinstanz festgelegt.
[ System Events ]
Error - 17.07.2013 02:31:03 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 17.07.2013 02:31:40 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 17.07.2013 03:51:30 | Computer Name = ...-HP | Source = DCOM | ID = 10010
Description =
Error - 17.07.2013 11:47:23 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 17.07.2013 11:47:23 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 17.07.2013 11:48:08 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 17.07.2013 14:41:07 | Computer Name = ...-HP | Source = DCOM | ID = 10010
Description =
Error - 18.07.2013 02:08:21 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 18.07.2013 02:08:21 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 18.07.2013 02:08:51 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-18 20:49:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\GERDKU~1\AppData\Local\Temp\kfdiraoc.sys
---- User code sections - GMER 2.1 ----
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000071fc11a8 2 bytes [FC, 71]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000071fc13a8 2 bytes [FC, 71]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000071fc1422 2 bytes [FC, 71]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000071fc1498 2 bytes [FC, 71]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000070a61b41 2 bytes [A6, 70]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000070a61be8 2 bytes [A6, 70]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000070a61c20 2 bytes [A6, 70]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000070a61cd2 2 bytes [A6, 70]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000070a61cf2 2 bytes [A6, 70]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e51465 2 bytes [E5, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e514bb 2 bytes [E5, 75]
.text ... * 2
.text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4704] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e51465 2 bytes [E5, 75]
.text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4704] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e514bb 2 bytes [E5, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[6284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e51465 2 bytes [E5, 75]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[6284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e514bb 2 bytes [E5, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d571a7bab
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d571a7bab (not active ControlSet)
---- EOF - GMER 2.1 ----
Danke Geändert von GerdKueller (18.07.2013 um 19:54 Uhr) |
|
18.07.2013, 20:36
| #2 |
| /// the machine /// TB-Ausbilder    | Trojaner eingefangen? Avira sagt TR/Vundo hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
18.07.2013, 21:07
| #3 |
| | Trojaner eingefangen? Avira sagt TR/VundoFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by ... (administrator) on 18-07-2013 22:04:21
Running from C:\Users\...\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\windows\system32\vcsFPService.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(DigitalPersona, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\...\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\...\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\...\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\...\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-08-16] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-07] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-07] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-08-16] (IDT, Inc.)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2996792 2011-07-15] (Hewlett-Packard Company)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKCU\...\Run: [GoogleChromeAutoLaunch_AAFC616226BCC3127F5CDD44D42DFCFD] - C:\Users\...\AppData\Local\Google\Chrome\Application\chrome.exe [846288 2013-07-12] (Google Inc.)
HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKCU\...\Run: [Google Update] - C:\Users\...\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-03] (Google Inc.)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DTRun] - c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [KeePass 2 PreLoad] - "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [Iminent] - [x]
HKLM-x32\...\Run: [IminentMessenger] - [x]
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=hp&fr=linkury-tb&installDate=01/01/1970&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: You Lyrics - {A912F346-A598-4807-93F8-41015AC9DEF2} - C:\Program Files (x86)\uLyrics\116.dll (nanDi Software)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
CHR HomePage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=hp&fr=linkury-tb&installDate=01/01/1970&type=hp1000
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchURL: (Web) - hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\...\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\...\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\...\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\...\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Free Studio) - C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.11.21.5_0\plugins/np-cwmp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\...\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (The West - tw-db.info Cloth Calc [de]) - C:\Users\GERDKU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\biojffhakhimdppdclpmamhajglieeia\1.0_0
CHR Extension: (Adblock Plus) - C:\Users\GERDKU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0
CHR Extension: (The West) - C:\Users\GERDKU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkgeioneoemibpddeiamfgiofnpjifm\1.5_0
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [654392 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-04-05] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)
==================== Drivers (Whitelisted) ====================
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-10] (Hewlett-Packard Company)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-04-05] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-04-05] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-18 22:04 - 2013-07-18 22:04 - 00000000 ____D C:\FRST
2013-07-18 22:03 - 2013-07-18 22:03 - 01778209 _____ (Farbar) C:\Users\...\Downloads\FRST64.exe
2013-07-18 20:49 - 2013-07-18 20:49 - 00004114 _____ C:\Users\...\Desktop\gmer.txt
2013-07-18 20:14 - 2013-07-18 20:14 - 00377856 _____ C:\Users\...\Desktop\gmer_2.1.19163.exe
2013-07-18 20:05 - 2013-07-18 20:05 - 00100260 _____ C:\Users\...\Downloads\Extras.Txt
2013-07-18 20:04 - 2013-07-18 20:04 - 00108656 _____ C:\Users\...\Downloads\OTL.Txt
2013-07-18 19:57 - 2013-07-18 19:57 - 00602112 _____ (OldTimer Tools) C:\Users\...\Downloads\OTL.exe
2013-07-18 19:55 - 2013-07-18 19:55 - 00000484 _____ C:\Users\...\Downloads\defogger_disable.log
2013-07-18 19:55 - 2013-07-18 19:55 - 00000000 _____ C:\Users\...\defogger_reenable
2013-07-18 19:54 - 2013-07-18 19:54 - 00050477 _____ C:\Users\...\Downloads\Defogger.exe
2013-07-13 08:52 - 2013-07-13 08:52 - 00000000 _____ C:\windows\SysWOW64\sho9185.tmp
2013-07-13 08:42 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-13 08:42 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-13 08:42 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-13 08:42 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-13 08:42 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-13 08:42 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-13 08:42 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-13 08:42 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-13 08:42 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-13 08:42 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-13 08:42 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-13 08:42 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-13 08:42 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-13 08:42 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-13 08:42 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-13 08:42 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-13 08:42 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-13 08:42 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-13 08:42 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-13 08:42 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-13 08:42 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-13 08:42 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-13 08:42 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-13 08:42 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-13 08:42 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-13 08:42 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-13 08:42 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-13 08:42 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 08:42 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-13 08:42 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-13 08:42 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-12 11:46 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-12 11:46 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-12 11:46 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-12 11:46 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-12 11:46 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-12 11:46 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-12 11:46 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-10 08:24 - 2013-07-10 08:24 - 00007004 _____ C:\Users\...\Documents\cc_20130710_082450.reg
2013-07-02 08:24 - 2013-07-18 21:09 - 00000384 _____ C:\windows\Tasks\You Lyrics Update.job
2013-07-02 08:24 - 2013-07-02 08:24 - 00003044 _____ C:\windows\System32\Tasks\You Lyrics Update
2013-07-02 08:24 - 2013-07-02 08:24 - 00000000 ____D C:\Program Files (x86)\uLyrics
2013-06-30 13:51 - 2013-06-30 13:51 - 00013148 _____ C:\Users\...\Documents\cc_20130630_135134.reg
2013-06-30 13:47 - 2013-06-30 13:47 - 00001158 _____ C:\Users\...\Desktop\Evernote.lnk
2013-06-30 11:39 - 2013-06-30 11:39 - 01417572 _____ C:\Users\...\Downloads\Ritterburg in m.skp
2013-06-30 11:39 - 2013-06-30 11:39 - 00850277 _____ C:\Users\...\Downloads\Ritterburg-TCW.zip
2013-06-20 06:49 - 2013-06-20 06:49 - 00000000 _____ C:\windows\SysWOW64\sho19B2.tmp
==================== One Month Modified Files and Folders =======
2013-07-18 22:04 - 2013-07-18 22:04 - 00000000 ____D C:\FRST
2013-07-18 22:03 - 2013-07-18 22:03 - 01778209 _____ (Farbar) C:\Users\...\Downloads\FRST64.exe
2013-07-18 22:01 - 2012-12-26 16:52 - 00000268 _____ C:\windows\Tasks\HP Photo Creations Messager.job
2013-07-18 22:00 - 2012-05-19 09:28 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-07-18 21:26 - 2012-08-03 13:06 - 00001144 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002UA.job
2013-07-18 21:16 - 2012-11-12 08:11 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-18 21:14 - 2009-07-14 06:45 - 00028352 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-18 21:14 - 2009-07-14 06:45 - 00028352 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-18 21:10 - 2012-05-19 09:12 - 01413210 _____ C:\windows\WindowsUpdate.log
2013-07-18 21:09 - 2013-07-02 08:24 - 00000384 _____ C:\windows\Tasks\You Lyrics Update.job
2013-07-18 21:06 - 2011-12-23 02:04 - 00000000 ____D C:\ProgramData\PDFC
2013-07-18 21:06 - 2011-12-23 02:00 - 00000000 ____D C:\ProgramData\HPQLOG
2013-07-18 21:05 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-18 20:49 - 2013-07-18 20:49 - 00004114 _____ C:\Users\...\Desktop\gmer.txt
2013-07-18 20:14 - 2013-07-18 20:14 - 00377856 _____ C:\Users\...\Desktop\gmer_2.1.19163.exe
2013-07-18 20:05 - 2013-07-18 20:05 - 00100260 _____ C:\Users\...\Downloads\Extras.Txt
2013-07-18 20:04 - 2013-07-18 20:04 - 00108656 _____ C:\Users\...\Downloads\OTL.Txt
2013-07-18 19:57 - 2013-07-18 19:57 - 00602112 _____ (OldTimer Tools) C:\Users\...\Downloads\OTL.exe
2013-07-18 19:55 - 2013-07-18 19:55 - 00000484 _____ C:\Users\...\Downloads\defogger_disable.log
2013-07-18 19:55 - 2013-07-18 19:55 - 00000000 _____ C:\Users\...\defogger_reenable
2013-07-18 19:55 - 2012-08-03 12:36 - 00000000 ____D C:\Users\...
2013-07-18 19:54 - 2013-07-18 19:54 - 00050477 _____ C:\Users\...\Downloads\Defogger.exe
2013-07-18 09:26 - 2012-08-03 13:06 - 00001092 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002Core.job
2013-07-18 09:16 - 2012-08-03 13:02 - 00003978 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{477BB218-5673-4B91-8753-26F31D84FD21}
2013-07-18 08:51 - 2013-03-21 08:55 - 00000000 ____D C:\Users\...\AppData\Roaming\KeePass
2013-07-16 09:21 - 2012-08-03 13:06 - 00004126 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002UA
2013-07-16 09:21 - 2012-08-03 13:06 - 00003730 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002Core
2013-07-14 22:41 - 2013-02-25 12:29 - 00000000 ____D C:\Users\...\AppData\Roaming\SoftGrid Client
2013-07-13 09:23 - 2011-02-11 07:14 - 00000000 ____D C:\windows\Panther
2013-07-13 09:21 - 2012-08-03 13:07 - 00002400 _____ C:\Users\...\Desktop\Google Chrome.lnk
2013-07-13 08:54 - 2009-07-14 06:45 - 00276904 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-13 08:53 - 2013-03-13 14:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 08:53 - 2013-03-13 14:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 08:52 - 2013-07-13 08:52 - 00000000 _____ C:\windows\SysWOW64\sho9185.tmp
2013-07-13 08:51 - 2011-02-11 06:47 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 08:51 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 08:51 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 08:47 - 2011-12-23 00:48 - 00697322 _____ C:\windows\system32\perfh007.dat
2013-07-13 08:47 - 2011-12-23 00:48 - 00148328 _____ C:\windows\system32\perfc007.dat
2013-07-13 08:47 - 2009-07-14 07:13 - 01636028 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-13 08:44 - 2012-08-03 13:45 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-12 11:34 - 2013-06-02 22:11 - 00000000 ____D C:\Users\...\AppData\Roaming\eM Client
2013-07-10 08:24 - 2013-07-10 08:24 - 00007004 _____ C:\Users\...\Documents\cc_20130710_082450.reg
2013-07-09 08:04 - 2013-05-27 11:08 - 00000356 _____ C:\windows\Tasks\HPCeeScheduleFor....job
2013-07-08 10:35 - 2013-05-27 11:08 - 00003222 _____ C:\windows\System32\Tasks\HPCeeScheduleFor...
2013-07-03 15:40 - 2012-08-09 18:04 - 00000000 ____D C:\Users\...\Bilder
2013-07-02 13:07 - 2012-08-03 12:36 - 00003230 _____ C:\windows\System32\Tasks\HPCeeScheduleFor...-HP$
2013-07-02 13:07 - 2012-08-03 12:36 - 00000354 _____ C:\windows\Tasks\HPCeeScheduleFor...-HP$.job
2013-07-02 08:24 - 2013-07-02 08:24 - 00003044 _____ C:\windows\System32\Tasks\You Lyrics Update
2013-07-02 08:24 - 2013-07-02 08:24 - 00000000 ____D C:\Program Files (x86)\uLyrics
2013-07-02 08:24 - 2013-04-24 08:28 - 00000000 ____D C:\Program Files (x86)\LyricStar
2013-06-30 13:51 - 2013-06-30 13:51 - 00013148 _____ C:\Users\...\Documents\cc_20130630_135134.reg
2013-06-30 13:49 - 2013-05-11 20:24 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2013-06-30 13:48 - 2013-05-11 20:25 - 00000000 ____D C:\Users\GERDKU~1\AppData\Local\PokerStars.EU
2013-06-30 13:48 - 2012-08-03 13:02 - 00000000 ___RD C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-30 13:47 - 2013-06-30 13:47 - 00001158 _____ C:\Users\...\Desktop\Evernote.lnk
2013-06-30 11:39 - 2013-06-30 11:39 - 01417572 _____ C:\Users\...\Downloads\Ritterburg in m.skp
2013-06-30 11:39 - 2013-06-30 11:39 - 00850277 _____ C:\Users\...\Downloads\Ritterburg-TCW.zip
2013-06-28 19:48 - 2013-05-23 21:37 - 00000000 ____D C:\windows\Minidump
2013-06-27 14:58 - 2012-08-03 13:03 - 00000000 ____D C:\Users\GERDKU~1\AppData\Local\PDFC
2013-06-27 09:04 - 2013-03-21 09:08 - 00005198 _____ C:\Users\...\Documents\NewDatabase.kdbx
2013-06-27 08:04 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-06-24 11:13 - 2013-05-02 14:25 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-06-20 06:49 - 2013-06-20 06:49 - 00000000 _____ C:\windows\SysWOW64\sho19B2.tmp
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-16 12:58
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by ... at 2013-07-18 22:05:30
Running from C:\Users\...\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
888casino (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AMD APP SDK Runtime (Version: 2.5.793.1)
AMD Catalyst Install Manager (Version: 3.0.851.0)
AMD Media Foundation Decoders (Version: 1.0.61013.1636)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft TotalMedia (x32 Version: 1.0.48.25)
ArcSoft TotalMedia (x32 Version: 2.0.39.12)
ArcSoft Webcam Sharing Manager (x32 Version: 2.0.0.30)
Atheros Driver Installation Program (x32 Version: 9.2)
Avira Internet Security (x32 Version: 13.0.0.3737)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Bluetooth Win7 Suite (64) (Version: 7.02.000.55)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.1013.1702.28713)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1013.1702.28713)
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713)
Catalyst Control Center Localization All (x32 Version: 2011.1013.1702.28713)
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1013.1702.28713)
CCC Help Chinese Standard (x32 Version: 2011.1013.1701.28713)
CCC Help Chinese Traditional (x32 Version: 2011.1013.1701.28713)
CCC Help Czech (x32 Version: 2011.1013.1701.28713)
CCC Help Danish (x32 Version: 2011.1013.1701.28713)
CCC Help Dutch (x32 Version: 2011.1013.1701.28713)
CCC Help English (x32 Version: 2011.1013.1701.28713)
CCC Help Finnish (x32 Version: 2011.1013.1701.28713)
CCC Help French (x32 Version: 2011.1013.1701.28713)
CCC Help German (x32 Version: 2011.1013.1701.28713)
CCC Help Greek (x32 Version: 2011.1013.1701.28713)
CCC Help Hungarian (x32 Version: 2011.1013.1701.28713)
CCC Help Italian (x32 Version: 2011.1013.1701.28713)
CCC Help Japanese (x32 Version: 2011.1013.1701.28713)
CCC Help Korean (x32 Version: 2011.1013.1701.28713)
CCC Help Norwegian (x32 Version: 2011.1013.1701.28713)
CCC Help Polish (x32 Version: 2011.1013.1701.28713)
CCC Help Portuguese (x32 Version: 2011.1013.1701.28713)
CCC Help Russian (x32 Version: 2011.1013.1701.28713)
CCC Help Spanish (x32 Version: 2011.1013.1701.28713)
CCC Help Swedish (x32 Version: 2011.1013.1701.28713)
CCC Help Thai (x32 Version: 2011.1013.1701.28713)
CCC Help Turkish (x32 Version: 2011.1013.1701.28713)
ccc-utility64 (Version: 2011.1013.1702.28713)
CDBurnerXP (x32 Version: 4.5.0.3717)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
D3DX10 (x32 Version: 15.4.2368.0902)
Delta Chrome Toolbar (x32)
Device Access Manager for HP ProtectTools (Version: 6.1.0.1)
Drive Encryption For HP ProtectTools (Version: 6.0.99.30652)
eaner (Version: 3.21)
eM Client (x32 Version: 5.0.17595.0)
Energy Star Digital Logo (x32 Version: 1.0.1)
Face Recognition for HP ProtectTools (Version: 6.00.4407)
Farm Frenzy (x32 Version: 2.2.0.95)
File Sanitizer For HP ProtectTools (x32 Version: 6.0.0.8)
Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430)
Full Tilt Poker.Eu (x32 Version: 4.59.11.WIN.FullTilt.EU)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (HKCU Version: 28.0.1500.72)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.1.14.1)
HP Auto (Version: 1.0.12494.3472)
HP Connection Manager (x32 Version: 4.1.22.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (Version: 25.0.571.0)
HP Deskjet 3050A J611 series Hilfe (x32 Version: 140.0.2.2)
HP Documentation (x32 Version: 1.3.0.0)
HP ESU for Microsoft Windows 7 (x32 Version: 2.0.6.1)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.5)
HP Hotkey Support (x32 Version: 4.6.4.1)
HP Photo Creations (x32 Version: 1.0.0.5192)
HP Power Assistant (Version: 2.1.0.6)
HP ProtectTools Security Manager (Version: 6.00.888)
HP QuickWeb (x32 Version: 3.1.2.10229)
HP Setup (x32 Version: 8.5.4526.3645)
HP SoftPaq Download Manager (x32 Version: 3.2.0.0)
HP Software Framework (x32 Version: 4.5.12.1)
HP Software Setup (x32 Version: 8.2.1.1)
HP Support Assistant (x32 Version: 6.1.12.1)
HP System Default Settings (x32 Version: 2.3.1.2)
HP Update (x32 Version: 5.003.001.001)
HP Wallpaper (x32 Version: 2.00)
HP Webcam Driver (x32 Version: 5.8.50058.0)
HPDiagnosticAlert (x32 Version: 1.00.0000)
IDT Audio (x32 Version: 1.0.6367.0)
Iminent (x32 Version: 6.4.56.0)
Intel(R) Identity Protection Technology 1.0.71.0 (x32 Version: 1.0.71.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
iTunes (Version: 11.0.3.42)
JDownloader 0.9 (x32 Version: 0.9)
JDownloader Download Manager Packages (HKCU)
Jewel Quest II (x32 Version: 2.2.0.95)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
JMicron Flash Media Controller Driver (x32 Version: 1.0.57.2)
John Deere Drive Green (x32 Version: 2.2.0.95)
KeePass Password Safe 2.22 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC90_CRT_x86 (x32 Version: 1.0.0)
MSVCRT (x32 Version: 15.4.2862.0708)
PDF Complete Special Edition (x32 Version: 4.0.64)
PDF24 Creator 5.4.0 (x32)
Privacy Manager for HP ProtectTools (Version: 6.00.831)
PX Profile Update (x32 Version: 1.00.1.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0016)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
SDK (x32 Version: 2.26.012)
Studie zur Verbesserung von HP Deskjet 3050A J611 series Produkten (Version: 25.0.571.0)
Synaptics Pointing Device Driver (Version: 16.0.3.0)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.33)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Validity Fingerprint Sensor Driver (Version: 4.3.117.0)
VIP Access SDK x64(1.0.0.50) (x32 Version: 1.0.0.50)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
WinZip 14.5 (x32 Version: 14.5.9095)
Xobni (x32 Version: 1.9.5.13282)
Xobni Core (x32 Version: 1.0.0)
You Lyrics (x32)
==================== Restore Points =========================
26-06-2013 05:55:09 Windows Update
30-06-2013 11:47:19 Removed Evernote v. 4.2.2
02-07-2013 06:28:00 Windows Update
05-07-2013 07:23:13 Windows Update
09-07-2013 06:09:47 Windows Update
12-07-2013 09:46:38 Windows Update
13-07-2013 06:32:27 Windows Update
16-07-2013 07:10:22 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {02CFDF24-2679-4079-B5D1-D1A622949348} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {32BB7A12-F956-458E-AA24-A69C556D5D93} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {42889D07-7E52-475D-84C1-25058CFC83AA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {4DA571A8-11E9-402D-8D1F-21F3BE833308} - System32\Tasks\HPCeeScheduleFor...-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {4E8277B0-66F2-40B5-9175-00EE0CADBA38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {54CF2057-7A24-452F-9AD8-158E31F40E6E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {57B11EC9-3A23-4D33-A358-EAD7FAE5E7AF} - System32\Tasks\HPCeeScheduleFor... => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5BFFB0CE-551E-44D9-AF67-D7378AF59CB5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {6C46E945-90B5-4B7F-9751-E9CBC6E0B025} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002UA => C:\Users\...\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03] (Google Inc.)
Task: {75260CB0-8A87-47E1-BE58-933B5DA6E057} - System32\Tasks\Google Updater and Installer => C:\Users\...\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03] (Google Inc.)
Task: {77A105B2-4C99-446E-82CE-1EF22EA7DB98} - System32\Tasks\EPUpdater => C:\Users\GERDKU~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-02-25] ()
Task: {832B9E2B-3B7E-4CB0-AD74-5FA7B5016DCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {97E07920-7682-4779-A72B-C93A15B24AB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {A204639D-DC7C-4450-843D-BCF0C3B34E8E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {B74F0623-F2CA-4586-8954-6242F0C48AA4} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {C6F08E71-5358-4382-8A2C-F7C51A51F60A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2013-02-19] (Hewlett-Packard)
Task: {E30ADA0E-A441-4666-9F55-DA65B0509DD3} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3657930280-3738987984-27973596-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {E32E7ADB-2A68-4CC2-B2E0-9901E7F4000F} - System32\Tasks\User_Feed_Synchronization-{477BB218-5673-4B91-8753-26F31D84FD21} => C:\windows\system32\msfeedssync.exe [2013-03-01] (Microsoft Corporation)
Task: {F3873761-232B-420B-ABED-4EBEA33703FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F4AC27E5-8A9A-45BC-A3AA-2A4F51CA7D3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002Core => C:\Users\...\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03] (Google Inc.)
Task: {F63EF6DB-8BD3-42FA-B00E-09EC3CC2C40A} - System32\Tasks\You Lyrics Update => C:\Program Files (x86)\uLyrics\ulUpdater.exe [2013-06-21] (nanDi Software)
Task: {FD8302CB-48CC-46FA-81CE-BE1D9FBC3F7F} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002Core.job => C:\Users\...\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002UA.job => C:\Users\...\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\windows\Tasks\HPCeeScheduleFor...-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleFor....job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\You Lyrics Update.job => C:\Program Files (x86)\uLyrics\ulUpdater.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/18/2013 09:05:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2013 08:08:18 AM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
System errors:
=============
Error: (07/18/2013 09:04:02 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (07/18/2013 08:53:45 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "KURT-LAPTOP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9017505A-B4A2-4FC9-9802-308D33AC5FE7}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (07/18/2013 08:08:51 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (07/18/2013 08:08:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/18/2013 08:08:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (07/17/2013 08:41:07 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (07/17/2013 05:48:08 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (07/17/2013 05:47:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/17/2013 05:47:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (07/17/2013 09:51:30 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
Error: (07/18/2013 09:05:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (07/18/2013 08:08:20 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700
Error: (07/18/2013 08:08:18 AM) (Source: Windows Search Service)(User: )
Description:
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
==================== Memory info ===========================
Percentage of memory in use: 56%
Total physical RAM: 4030.36 MB
Available physical RAM: 1760.21 MB
Total Pagefile: 8058.89 MB
Available Pagefile: 5038.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:571.86 GB) (Free:500.9 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:19.02 GB) (Free:2.9 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.1 GB) FAT32 (Disk=0 Partition=4)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 12DEB3A0)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=572 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)
==================== End Of Log ============================
|
|
19.07.2013, 09:26
| #4 | |
| /// the machine /// TB-Ausbilder | Trojaner eingefangen? Avira sagt TR/VundoCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Linear-Darstellung
