Pests of all kinds and how to fight them: Caught a Trojan? Avira reports TR/Vundo (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
#1

Caught a Trojan? Avira reports TR/Vundo

Hi, I seem to have caught something. Avira reports TR/Vundo.A.658 in C:\Users\...\Downloads\folder_depressionen_pilgerreise.zip

More to follow shortly...

defogger --> no message / restart

Code:
ATTFilter OTL logfile created on: 18.07.2013 19:58:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,94 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 44,34% Memory free 7,87 Gb Paging File | 4,90 Gb Available in Paging File | 62,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 571,86 Gb Total Space | 501,29 Gb Free Space | 87,66% Space Free | Partition Type: NTFS Drive E: | 19,02 Gb Total Space | 2,90 Gb Free Space | 15,25% Space Free | Partition Type: NTFS Drive F: | 4,98 Gb Total Space | 2,10 Gb Free Space | 42,22% Space Free | Partition Type: FAT32 Computer Name: ...-HP | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.18 19:57:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Downloads\OTL.exe PRC - [2013.06.24 11:13:38 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.24 11:13:14 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.06.24 11:13:07 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2013.06.24 11:13:06 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.24 11:13:06 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.24 11:13:05 | 000,654,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2013.03.20 13:55:48 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2012.06.20 13:57:22 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe PRC - [2012.05.16 15:27:02 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2012.04.05 17:41:46 | 001,323,008 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.08.11 19:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011.05.23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011.03.16 11:26:42 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe PRC - [2011.03.16 11:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2011.02.12 06:07:16 | 000,820,048 | R--- | M] (DigitalPersona, Inc.) 
-- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe PRC - [2011.02.07 21:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe PRC - [2011.02.07 21:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe PRC - [2011.01.26 19:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.01.26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.01.17 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.01.17 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.12 21:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe PRC - [2011.01.07 05:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2010.11.29 21:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) 
-- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe ========== Modules (No Company Name) ========== MOD - [2013.07.13 09:12:03 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1773f7168685423c144d14727e45be6f\IAStorUtil.ni.dll MOD - [2013.07.13 09:12:03 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll MOD - [2013.07.13 09:00:12 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll MOD - [2013.07.13 08:59:51 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.13 08:59:46 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.13 08:59:33 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013.07.13 08:59:29 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.13 08:59:27 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013.07.13 08:59:26 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.13 08:59:22 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2012.08.27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - 
[2012.08.27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.12.23 00:46:31 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.09.05 09:57:34 | 000,366,136 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2012.08.16 09:43:40 | 000,308,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2012.08.16 09:43:40 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2012.04.05 17:41:46 | 001,323,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent) SRV:64bit: - [2012.02.28 13:15:16 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2011.10.13 18:30:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.07.15 14:09:38 | 000,137,272 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2011.02.12 06:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) 
[Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2011.01.22 04:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV - [2013.06.24 11:13:38 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.24 11:13:14 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.06.24 11:13:07 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013.06.24 11:13:06 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.24 11:13:05 | 000,654,392 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2013.06.12 20:16:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.20 13:57:22 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2012.05.16 15:27:02 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.09.05 09:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK) SRV - [2011.08.11 19:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011.05.23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011.03.16 11:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2011.03.07 22:48:10 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService) SRV - [2011.02.07 21:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService) SRV - [2011.01.26 19:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.01.22 04:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2011.01.17 21:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.01.17 21:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.12 21:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2011.01.07 05:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.01.07 05:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.11.29 21:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010.11.11 09:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) 
[Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture) SRV - [2010.09.30 23:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 20:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.27 14:49:23 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.27 14:49:23 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.27 14:49:23 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.12 18:16:01 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2013.02.12 18:16:01 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.16 09:43:40 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012.08.16 09:41:59 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.07.09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.04.05 18:33:24 | 000,100,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal) DRV:64bit: - [2012.04.05 18:32:56 | 000,158,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.28 13:15:16 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2012.02.28 13:15:16 | 000,029,976 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.10.13 19:37:30 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.13 17:52:50 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.31 15:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.08.31 15:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.08.04 05:57:04 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.07.25 19:25:59 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.25 19:25:59 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.05.10 01:16:08 | 000,064,312 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv) DRV:64bit: - [2011.01.31 12:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.07 05:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.01.07 05:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.01.07 05:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.01.07 05:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.01.07 05:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.01.07 05:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.01.07 05:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | 
On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.12.21 19:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.12.03 03:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2010.11.30 18:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.11 09:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM) DRV:64bit: - [2010.10.20 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=hp&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\...\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\...\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.12.23 01:59:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\youlyrics@ulyrics.com: C:\Program Files (x86)\uLyrics\116.xpi [2013.07.02 08:24:08 | 000,005,783 | ---- | M] ()

[2013.03.21 08:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=01/01/1970&type=hp1000
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=12ffa5ae-ce24-44ae-a4d9-d5906989ed7f&searchtype=hp&fr=linkury-tb&installDate=01/01/1970&type=hp1000
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\...\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: The West - tw-db.info Cloth Calc [de] = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\biojffhakhimdppdclpmamhajglieeia\1.0_0\
CHR - Extension: Adblock Plus = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\
CHR - Extension: The West = C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkgeioneoemibpddeiamfgiofnpjifm\1.5_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (You Lyrics) - {A912F346-A598-4807-93F8-41015AC9DEF2} - C:\Program Files (x86)\uLyrics\116.dll (nanDi Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Iminent] File not found
O4 - HKLM..\Run: [IminentMessenger] File not found
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9017505A-B4A2-4FC9-9802-308D33AC5FE7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.02 08:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uLyrics
[2013.06.27 08:03:58 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Diagnostics
[5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.18 20:01:00 | 000,000,268 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job
[2013.07.18 19:55:43 | 000,000,000 | ---- | M] () -- C:\Users\...\defogger_reenable
[2013.07.18 19:44:11 | 000,001,144 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002UA.job
[2013.07.18 19:44:06 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.18 19:44:05 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.07.18 19:43:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.18 09:26:03 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3657930280-3738987984-27973596-1002Core.job
[2013.07.18 08:32:34 | 000,028,352 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.18 08:32:34 | 000,028,352 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.18 08:31:49 | 000,000,384 | ---- | M] () -- C:\windows\tasks\You Lyrics Update.job
[2013.07.18 08:07:07 | 4226,134,016 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.14 21:03:07 | 000,053,255 | ---- | M] () -- C:\Users\...\Desktop\sol_spo10131202-6040_pic1_1.jpg
[2013.07.13 09:21:03 | 000,002,400 | ---- | M] () -- C:\Users\...\Desktop\Google Chrome.lnk
[2013.07.13 08:54:12 | 000,276,904 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.07.13 08:47:30 | 001,636,028 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.13 08:47:30 | 000,697,322 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.13 08:47:30 | 000,652,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.13 08:47:30 | 000,148,328 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.13 08:47:30 | 000,121,274 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.12 15:00:27 | 000,016,335 | ---- | M] () -- C:\Users\...\Desktop\nistkasten-a.jpg
[2013.07.12 14:54:06 | 000,013,719 | ---- | M] () -- C:\Users\...\Desktop\motivstempel2862700_220.jpg
[2013.07.10 08:24:53 | 000,007,004 | ---- | M] () -- C:\Users\...\Documents\cc_20130710_082450.reg
[2013.07.09 08:04:34 | 000,000,356 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor....job
[2013.07.03 12:54:51 | 000,826,256 | ---- | M] () -- C:\Users\...\Desktop\FCB KidsClub Anmeldung_Download.pdf
[2013.07.02 20:55:52 | 000,023,748 | ---- | M] () -- C:\Users\...\Desktop\Sonne.gif
[2013.07.02 13:07:27 | 000,000,354 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor...-HP$.job
[2013.07.01 14:17:27 | 000,007,816 | ---- | M] () -- C:\Users\...\Desktop\ritterwaffen4.gif
[2013.06.30 13:51:38 | 000,013,148 | ---- | M] () -- C:\Users\...\Documents\cc_20130630_135134.reg
[2013.06.30 13:47:54 | 000,001,158 | ---- | M] () -- C:\Users\...\Desktop\Evernote.lnk
[2013.06.27 15:01:51 | 000,511,374 | ---- | M] () -- C:\Users\...\Desktop\christbaumschmuck-vorlage-stern.jpg
[2013.06.27 14:57:57 | 000,058,117 | ---- | M] () -- C:\Users\...\Desktop\9309-1.jpg
[2013.06.27 09:04:41 | 000,005,198 | ---- | M] () -- C:\Users\...\Documents\NewDatabase.kdbx
[2013.06.24 11:13:49 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.18 19:55:43 | 000,000,000 | ---- | C] () -- C:\Users\...\defogger_reenable
[2013.07.14 21:03:07 | 000,053,255 | ---- | C] () -- C:\Users\...\Desktop\sol_spo10131202-6040_pic1_1.jpg
[2013.07.12 15:00:27 | 000,016,335 | ---- | C] () -- C:\Users\...\Desktop\nistkasten-a.jpg
[2013.07.12 14:54:05 | 000,013,719 | ---- | C] () -- C:\Users\...\Desktop\motivstempel2862700_220.jpg
[2013.07.10 08:24:51 | 000,007,004 | ---- | C] () -- C:\Users\...\Documents\cc_20130710_082450.reg
[2013.07.03 12:54:50 | 000,826,256 | ---- | C] () -- C:\Users\...\Desktop\FCB KidsClub Anmeldung_Download.pdf
[2013.07.02 20:55:51 | 000,023,748 | ---- | C] () -- C:\Users\...\Desktop\Sonne.gif
[2013.07.02 08:24:08 | 000,000,384 | ---- | C] () -- C:\windows\tasks\You Lyrics Update.job
[2013.07.01 14:17:25 | 000,007,816 | ---- | C] () -- C:\Users\...\Desktop\ritterwaffen4.gif
[2013.06.30 13:51:37 | 000,013,148 | ---- | C] () -- C:\Users\...\Documents\cc_20130630_135134.reg
[2013.06.30 13:47:54 | 000,001,158 | ---- | C] () -- C:\Users\...\Desktop\Evernote.lnk
[2013.06.27 15:01:51 | 000,511,374 | ---- | C] () -- C:\Users\...\Desktop\christbaumschmuck-vorlage-stern.jpg
[2013.06.27 14:57:54 | 000,058,117 | ---- | C] () -- C:\Users\...\Desktop\9309-1.jpg
[2013.06.01 19:30:45 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2013.03.29 09:03:08 | 000,114,176 | ---- | C] () -- C:\Users\...\AppData\Roaming\BabMaint.exe
[2012.12.26 16:51:05 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.05.19 09:45:07 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbhiec.sys
[2012.05.19 09:27:27 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.05.19 09:24:32 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012.05.19 09:22:56 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2012.05.19 09:22:56 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2012.05.18 23:45:41 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.05.18 23:45:38 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.05.18 23:45:37 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.05.18 23:45:36 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012.05.18 23:45:35 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012.05.18 23:45:33 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.05.18 23:45:33 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.05.18 23:45:32 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.12.23 02:31:11 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbhjda.sys
[2011.12.23 02:00:14 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdbhjdi.sys
[2011.12.23 01:32:29 | 001,641,654 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.10.14 00:53:18 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011.10.14 00:53:02 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll
[2011.09.05 09:57:34 | 000,366,136 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011.08.30 10:08:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2011.08.30 10:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign
[2011.08.30 10:08:48 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.21 08:54:54 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\BabSolution
[2013.03.21 08:54:05 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Babylon
[2013.01.25 17:15:57 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Canneverbe Limited
[2013.05.25 11:50:31 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\CasinoOnNet
[2012.08.03 12:36:49 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DigitalPersona
[2013.05.27 18:04:01 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoft
[2013.05.27 18:03:53 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.07.12 11:34:06 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\eM Client
[2012.12.26 19:33:28 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\IDT
[2012.12.04 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\JDownloaderDownloadManagerPackages
[2013.07.18 08:51:57 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\KeePass
[2013.05.27 18:04:00 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\OpenCandy
[2013.07.14 22:41:09 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\SoftGrid Client
[2012.09.03 20:09:22 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Sports Interactive
[2012.08.03 13:03:08 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Synaptics
[2013.02.25 12:29:31 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TP
[2012.09.21 09:11:37 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TuneUp Software
[2012.08.15 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\WildTangent

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 18.07.2013 19:58:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,94 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 44,34% Memory free
7,87 Gb Paging File | 4,90 Gb Available in Paging File | 62,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 571,86 Gb Total Space | 501,29 Gb Free Space | 87,66% Space Free | Partition Type: NTFS
Drive E: | 19,02 Gb Total Space | 2,90 Gb Free Space | 15,25% Space Free | Partition Type: NTFS
Drive F: | 4,98 Gb Total Space | 2,10 Gb Free Space | 42,22% Space Free | Partition Type: FAT32

Computer Name: ...-HP | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09D5E92C-9791-405E-A0A1-B73C546CB6D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A66CA2F-2822-46A9-B673-01CEBCB0B63B}" = lport=138 | protocol=17 | dir=in | app=system |
"{0C6D07A8-69DF-4038-AF80-E7966D4B95CB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{32367CD7-45D4-4E6E-A3BB-FFD5EC51894A}" = rport=137 | protocol=17 | dir=out | app=system |
"{4DACD88F-3D47-49FC-81EF-90EC7E64A13F}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B73E510-A817-40B7-937F-6E1CBFA227B2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5F2746D2-77AF-49D8-89F3-8329D5C0B04B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67FA5E85-ADF6-46E0-BDE6-C9BE8324A600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F2E5DBC-58F1-40C4-B703-FB8FA5D0DD95}" = lport=139 | protocol=6 | dir=in | app=system |
"{825328EA-FBFE-4E2D-A611-202DA339AAD9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D1E0E91-816E-4591-8E49-398DD4D99F00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D82F385-8F1A-4690-A05C-CFB3E783FB5B}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E04BE72-AA66-49FF-B214-4E779E5C8D55}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A35FFDDC-57F9-4B2E-B033-34354A8DCCCC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A935EB7A-C213-4B74-9677-B703D62808FE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AAFFA943-7250-469A-9357-D8A2D670FE9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC0A3931-9A2E-44E0-A864-1FF6093444A3}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC7EF3E1-4A8B-4B9B-96C0-CC21988EAF28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BD4A620D-5172-4205-A303-2750360B1325}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D41BE5BE-0A6A-42BC-AEE8-F23C48E22DC7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E591F675-0766-4445-9BB8-9305D4D8E9F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDE40917-51BD-429A-BD19-E0229A8CD685}" = rport=445 | protocol=6 | dir=out | app=system |
"{F3404970-E343-45B5-A8A8-06C82A1B82BE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{138B5B7A-71E1-4749-A64E-3AF23EA28B0E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D37D19F-C842-42CE-B41F-D34F8D60C676}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{228F815F-8F6A-43C1-9354-0917227BCF2C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{268C4A6C-0DCE-41B9-A312-C57A7E56A51A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{333627FA-501F-418B-9C71-F64C9EE00B23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47C0F99A-1EC7-43B3-8DF6-A9AC8C3840A1}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{51262582-3F16-4931-AA57-9459F5BDA7E0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{51F48D5C-9878-473E-9925-68527BE64635}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{52675932-A25B-43EF-8BB6-4F49E6D7110F}" = protocol=6 | dir=out | app=system |
"{58B364E8-59D6-4CC3-BB5E-8C78233BAEBF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6000FB83-B7AD-4F8B-9310-DA429E39818F}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"{61EA9F9B-2B12-44F5-8A83-03BE4356C04E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6621751D-47AC-41BD-8641-D1FDDB34827F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{699AAB7B-E805-4E74-98AB-B6DC1DFC60E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BCD83A3-C1B9-4940-A194-50094E707A84}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BD543F4-FE5E-4117-BAF5-973C1A1D5F27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70332A3D-D72D-45E7-9587-E2FEE198C27D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{754F4F05-7B29-4D81-A636-6398A6BD2156}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{75A19065-15DA-4206-9714-8158A0A69143}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7C69DCED-EC5A-4EF5-823F-0A4F4E3CA271}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7EA49265-CD52-4477-A4DE-8F8DC1CA8F54}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8298B7C2-8F0F-475A-B35F-3D3981AE2407}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{8B574BC1-1884-43D5-B5CD-DD120C95CFD9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9F52E307-B6E5-4437-BE59-693C10947B30}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A613DC2C-67A2-4CBB-81D4-3DA73F8B137E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1BAF092-EEF4-4F4E-B335-5D0736EE2703}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E55A3DDC-F271-40EC-A9E1-00DDF2E18D8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC1BAF52-F6FC-4FB7-B649-CDC6A06954CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FBB69027-E26F-46AC-AC77-9FA7E4F2DC30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF4648AF-6AF4-4759-A48D-91D79F6DB316}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2E432B60-2AD4-4F05-BD95-4C6308D34AAB}C:\users\...\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\...\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{5B3BBD01-48FC-41D5-AA60-C91199221D04}C:\users\...\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\...\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03520551-508E-EDCA-4A14-90C706A54A41}" = AMD Catalyst Install Manager
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2C233758-BD55-8F3F-4BBE-0A11B833CB96}" = ccc-utility64
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3D2D0DB9-5199-4A77-B6D3-646693FAE63C}" = AMD Media Foundation Decoders
"{422BA615-2133-4DC0-8673-09C8CC7557F2}" = HP ProtectTools Security Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65C1BEAD-B50B-498C-BB6B-CDE4F30584B1}" = HP 3D DriveGuard
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{8BE2A226-3A4A-4CB5-AC13-0207F83CACA1}" = Studie zur Verbesserung von HP Deskjet 3050A J611 series Produkten
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}" = Privacy Manager for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{D8057953-CCF0-48B3-B61D-762C580B2A10}" = HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät
"{D9355D03-2C06-401B-8A16-F6500379AE21}" = HP Power Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"CCleaner" = CCleaner
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08D02198-001C-FB17-9280-756444349E29}" = CCC Help Portuguese "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{110A6D3A-A966-992B-173F-6D4A6A93A7F3}" = CCC Help Chinese Traditional "{118D6CE9-5F18-42F9-958A-14676A629FDE}" = Iminent "{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper "{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu "{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework "{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19D899D7-CF47-8DEC-4976-F8CB8DAD6C61}" = CCC Help Norwegian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2396EE07-88BE-67F0-229D-E46088C86AC1}" = Catalyst Control Center Graphics Previews Common "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3327995E-0937-0BB1-F258-711F165E096F}" = CCC Help Japanese "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver "{3A53DC94-79F4-2141-772A-569A7FCD38A9}" = Catalyst Control Center "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) 
Rapid Storage Technology "{3F437675-F102-4866-BDE1-FFFC7B45EC0B}" = HP QuickWeb "{4114A073-7385-4742-8A5E-A5788FAC838F}" = ArcSoft TotalMedia "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48B40F85-4F69-456F-82EB-E3DCCA15E9F0}" = CCC Help Finnish "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{501B8F04-368E-A540-2E46-19A44FDF7109}" = Catalyst Control Center Profiles Mobile "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{5DF24781-FA89-2E36-3FDE-D3974BCB5675}" = CCC Help Danish "{610C146B-F818-BD30-C0F1-7D6E46EEC025}" = CCC Help Spanish "{6357258D-2BF9-49E7-A9EF-0C609D52C46D}" = HP ESU for Microsoft Windows 7 "{638FCD4E-0EA4-4EC2-6C06-FC1A06BAB336}" = CCC Help Korean "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{670B9685-76B4-0E94-99F8-92FCBFAF3547}" = CCC Help English "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{692C218E-34B2-1D36-670D-9AB3A8D107BC}" = CCC Help Chinese Standard "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6A822F2F-8C69-4095-8B18-32326C49B0ED}" = CCC Help Swedish "{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager "{7C62B5F1-938A-50F9-78AF-4143E9604507}" = CCC Help Czech "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0 "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96F82870-A977-2AE6-BAF0-04B143412099}" = CCC Help Hungarian "{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Hilfe "{99BBECCE-5865-B26C-912A-0B339081F799}" = Catalyst Control Center InstallProxy "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1525FFC-6691-BCC7-CBFF-CDCF47BC606C}" = CCC Help Greek "{B2506DF2-78E6-8C09-A40D-EA92DB0FA5F0}" = CCC Help Russian "{B6B16F49-0533-8772-7C20-09C241847185}" = CCC Help Turkish "{B78F6C6D-3EFB-B64D-FE49-C6318FDD116E}" = CCC Help German "{B975C052-531D-97C0-AB47-EB6BA7620887}" = Catalyst Control Center Localization All "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows 
Live Photo Common "{C33240AB-1F4B-4DE2-B1C7-54E0A182BB5D}" = Catalyst Control Center - Branding "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C6A49140-A2D9-4CA4-BB92-2E1C8CBB6E16}" = HP Documentation "{C7DF9961-9EB4-B130-D201-BE71591673F9}" = CCC Help French "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack "{D26F9059-EDE3-4C80-B793-04AE9143F779}" = eM Client "{D2A2E5CD-801A-4B8D-8119-F79449A09B67}" = HP System Default Settings "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB94388C-62E9-570D-2BD6-90864F7E1282}" = PX Profile Update "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E328DF8F-CD40-DE5A-E9D0-4367EBA5BD25}" = CCC Help Thai "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E7EA2C61-4E65-AD62-B151-D517F37AFB80}" = CCC Help Polish "{EAD66E57-B386-DB10-29F9-A5A75BC60952}" = CCC Help Dutch "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials 
"{FD53BD91-BAA5-2F85-315D-CD3816A280A6}" = CCC Help Italian "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "5513-1208-7298-9440" = JDownloader 0.9 "888casino" = 888casino "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "ArcSoft TotalMedia" = ArcSoft TotalMedia "Avira AntiVir Desktop" = Avira Internet Security "Delta Chrome Toolbar" = Delta Chrome Toolbar "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430 "HP Photo Creations" = HP Photo Creations "IMBoosterARP" = Iminent "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22 "My HP Game Console" = HP Game Console "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PDF Complete" = PDF Complete Special Edition "VIP Access SDK" = VIP Access SDK x64(1.0.0.50) "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WT087380" = John Deere Drive Green "WT087428" = Bejeweled 2 Deluxe "WT087485" = Jewel Quest II "WT087490" = Jewel Quest Solitaire "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089362" = Agatha Christie - Peril at End House "XobniMain" = Xobni "youlyrics@ulyrics.com" = You Lyrics ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "JDownloader Download Manager Packages" = JDownloader Download Manager Packages ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.04.2013 04:50:54 | Computer Name = ...-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5102 Error - 25.04.2013 00:04:11 | Computer Name = ...-HP | Source = WinMgmt | ID = 10 Description = 
Error - 25.04.2013 00:26:21 | Computer Name = ...-HP | Source = WinMgmt | ID = 10 Description = Error - 25.04.2013 04:27:00 | Computer Name = ...-HP | Source = WinMgmt | ID = 10 Description = Error - 25.04.2013 13:17:13 | Computer Name = ...-HP | Source = WinMgmt | ID = 10 Description = Error - 25.04.2013 22:49:38 | Computer Name = ...-HP | Source = WinMgmt | ID = 10 Description = Error - 26.04.2013 15:28:30 | Computer Name = ...-HP | Source = WinMgmt | ID = 10 Description = Error - 27.04.2013 01:32:11 | Computer Name = ...-HP | Source = WinMgmt | ID = 10 Description = Error - 28.04.2013 13:35:16 | Computer Name = ...-HP | Source = WinMgmt | ID = 10 Description = Error - 28.04.2013 13:35:17 | Computer Name = ...-HP | Source = XobniService | ID = 0 Description = Der Dienst kann nicht gestartet werden. Das Handle ist ungültig [ Hewlett-Packard Events ] Error - 29.04.2013 02:18:13 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4030 Ram Utilization: 60 TargetSite: Void UpdateAndDetect() Error - 06.05.2013 02:57:41 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect() Error - 13.05.2013 05:18:15 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect() Error - 21.05.2013 01:41:16 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect() Error - 27.05.2013 05:07:35 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect() Error - 03.06.2013 02:30:28 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4030 Ram Utilization: 60 TargetSite: Void UpdateAndDetect() Error - 17.06.2013 11:48:17 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4030 Ram Utilization: TargetSite: Void UpdateAndDetect() Error - 24.06.2013 02:52:38 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect() Error - 01.07.2013 03:20:08 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4030 Ram Utilization: 50 TargetSite: Void UpdateAndDetect() Error - 08.07.2013 04:34:55 | Computer Name = ...-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4030 Ram Utilization: TargetSite: Void UpdateAndDetect() [ HP Connection Manager Events ] Error - 12.07.2013 15:20:32 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5 Description = 2013/07/12 21:20:32.565|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 13.07.2013 02:51:25 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5 Description = 2013/07/13 08:51:25.749|00001C3C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 13.07.2013 02:52:24 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5 Description = 2013/07/13 08:52:24.842|00001C3C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 13.07.2013 05:12:27 | Computer Name = 
...-HP | Source = hpCMSrv | ID = 5 Description = 2013/07/13 11:12:27.252|00001958|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 14.07.2013 16:41:27 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5 Description = 2013/07/14 22:41:27.685|00000B08|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15.07.2013 01:13:05 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5 Description = 2013/07/15 07:13:05.759|00001EC8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15.07.2013 15:08:16 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5 Description = 2013/07/15 21:08:16.333|00001E24|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15.07.2013 15:08:19 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5 Description = 2013/07/15 21:08:19.885|00001E24|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2013 03:51:46 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5 Description = 2013/07/17 09:51:46.632|000019E4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 17.07.2013 14:41:13 | Computer Name = ...-HP | Source = hpCMSrv | ID = 5 Description = 2013/07/17 20:41:13.379|00000C6C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ HP Power Assistant Events ] Error - 28.06.2013 08:01:48 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020 Description = An error occured in HP Power Assistant application, module [HPPA_Main]. Please restart HP Power Assistant application. Additional details may be available in the Details section. 
DETAILS Power Control Settings: registry Threshold contains an invalid value: 0 Error - 29.06.2013 00:44:09 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020 Description = An error occured in HP Power Assistant application, module [HPPA_Main]. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS Power Control Settings: registry Threshold contains an invalid value: 0 Error - 29.06.2013 08:58:55 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020 Description = An error occured in HP Power Assistant application, module [HPPA_Main]. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS Power Control Settings: registry Threshold contains an invalid value: 0 Error - 29.06.2013 17:44:01 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020 Description = An error occured in HP Power Assistant application, module [HPPA_Main]. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS Power Control Settings: registry Threshold contains an invalid value: 0 Error - 30.06.2013 03:04:30 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020 Description = An error occured in HP Power Assistant application, module [HPPA_Main]. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS Power Control Settings: registry Threshold contains an invalid value: 0 Error - 01.07.2013 01:42:12 | Computer Name = ...-HP | Source = HP PA Application | ID = 1020 Description = An error occured in HP Power Assistant application, module [HPPA_Main]. Please restart HP Power Assistant application. Additional details may be available in the Details section. 
DETAILS Power Control Settings: registry Threshold contains an invalid value: 0 Error - 02.07.2013 02:25:59 | Computer Name = ...-HP | Source = HP PA Application | ID = 1001 Description = An error occurred in HP Power Assistant application. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS Level value needs to be an integer between 0 and 100, got 112UpdateBatteryPredictions() has bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode Error - 02.07.2013 02:26:58 | Computer Name = ...-HP | Source = HP PA Application | ID = 1001 Description = An error occurred in HP Power Assistant application. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS Level value needs to be an integer between 0 and 100, got 110UpdateBatteryPredictions() has bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode Error - 02.07.2013 02:27:58 | Computer Name = ...-HP | Source = HP PA Application | ID = 1001 Description = An error occurred in HP Power Assistant application. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS Level value needs to be an integer between 0 and 100, got 109UpdateBatteryPredictions() has bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode Error - 02.07.2013 02:28:58 | Computer Name = ...-HP | Source = HP PA Application | ID = 1001 Description = An error occurred in HP Power Assistant application. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS Level value needs to be an integer between 0 and 100, got 108UpdateBatteryPredictions() has bad values. 
Check PMCCapabilities.XML and PMCData.XML if in emulation mode

[ HP Software Framework Events ]
Error - 08.06.2013 23:29:19 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.09 05:29:19.731|00001A54|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Error - 08.06.2013 23:29:20 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.09 05:29:20.105|00001A54|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Error - 12.06.2013 04:58:09 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.12 10:58:09.023|00001B54|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Error - 12.06.2013 04:58:09 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.12 10:58:09.085|00001B54|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Error - 12.06.2013 23:34:10 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.13 05:34:10.536|000012CC|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Error - 12.06.2013 23:34:11 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.13 05:34:11.050|000012CC|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Error - 24.06.2013 05:55:46 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.24 11:55:46.145|00001F5C|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Error - 29.06.2013 15:54:58 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.29 21:54:58.402|00001238|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Error - 29.06.2013 15:54:58 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.06.29 21:54:58.699|00001238|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

Error - 08.07.2013 14:17:03 | Computer Name = ...-HP | Source = CaslSmBios | ID = 5
Description = 2013.07.08 20:17:03.080|000012D0|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.

[ System Events ]
Error - 17.07.2013 02:31:03 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 17.07.2013 02:31:40 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 17.07.2013 03:51:30 | Computer Name = ...-HP | Source = DCOM | ID = 10010
Description =

Error - 17.07.2013 11:47:23 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error - 17.07.2013 11:47:23 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 17.07.2013 11:48:08 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 17.07.2013 14:41:07 | Computer Name = ...-HP | Source = DCOM | ID = 10010
Description =

Error - 18.07.2013 02:08:21 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error - 18.07.2013 02:08:21 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 18.07.2013 02:08:51 | Computer Name = ...-HP | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

< End of report >

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-18 20:49:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\GERDKU~1\AppData\Local\Temp\kfdiraoc.sys

---- User code sections - GMER 2.1 ----

.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000071fc11a8 2 bytes [FC, 71]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000071fc13a8 2 bytes [FC, 71]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000071fc1422 2 bytes [FC, 71]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000071fc1498 2 bytes [FC, 71]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000070a61b41 2 bytes [A6, 70]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000070a61be8 2 bytes [A6, 70]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000070a61c20 2 bytes [A6, 70]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000070a61cd2 2 bytes [A6, 70]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2968] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000070a61cf2 2 bytes [A6, 70]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e51465 2 bytes [E5, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e514bb 2 bytes [E5, 75]
.text ... * 2
.text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4704] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e51465 2 bytes [E5, 75]
.text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4704] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e514bb 2 bytes [E5, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[6284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e51465 2 bytes [E5, 75]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[6284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e514bb 2 bytes [E5, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d571a7bab
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d571a7bab (not active ControlSet)

---- EOF - GMER 2.1 ----

Thanks

Edited by GerdKueller (18.07.2013 at 19:54)