Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Mehrere Trojaner entfernt - ist mein Rechner nun sauber?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 23.09.2012, 19:09   #1
noelpy
 
Mehrere Trojaner entfernt - ist mein Rechner nun sauber? - Standard

Mehrere Trojaner entfernt - ist mein Rechner nun sauber?



Hallo Forum!

ich hatte die beiden folgenden Schädlinge auf dem Rechner:
- Variante von Java/Exploit.CVE-2011-3544.BQ Trojaner
- JS/Kryptik.VK Trojaner

nun läuft mein Rechner weiterhin recht langsam und ich bin mir unsicher ob ich mir nicht mehr eingefangen habe. Wäre klasse wenn sich jemand mal meine Logs anschaut:

PC-Datenblatt:
Betriebsystemname Microsoft Windows 7 Home Premium
Version 6.1.7600 Build 7600
Weitere Betriebsystembeschreibung Nicht verfügbar
Betriebsystemhersteller Microsoft Corporation
Systemname ****BOOK
Systemhersteller Hewlett-Packard
Systemmodell HP ProBook 4720s
Systemtyp x64-basierter PC
Prozessor Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz, 2534 MHz, 2 Kern(e), 4 logische(r) Prozessor(en)
BIOS-Version/-Datum Hewlett-Packard 68AZZ Ver. F.20, 08.09.2011
SMBIOS-Version 2.6
Windows-Verzeichnis C:\windows
Systemverzeichnis C:\windows\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.1.7600.16416"
Benutzername MatsBook\Mats
Zeitzone Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM) 4,00 GB
Gesamter realer Speicher 3,86 GB
Verfügbarer realer Speicher 1,85 GB
Gesamter virtueller Speicher 7,72 GB
Verfügbarer virtueller Speicher 5,16 GB
Größe der Auslagerungsdatei 3,86 GB
Auslagerungsdatei C:\pagefile.sys



---------------------------------------------------------------
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 9/23/2012 7:53:57 PM - Run 1
OTL by OldTimer - Version 3.2.66.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 55.47% Memory free
7.72 Gb Paging File | 5.38 Gb Available in Paging File | 69.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.47 Gb Total Space | 208.87 Gb Free Space | 46.57% Space Free | Partition Type: NTFS
Drive D: | 5.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.52% Space Free | Partition Type: FAT32
 
Computer Name: ****BOOK | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C492F9-69AE-4359-93EF-773B12655181}" = lport=137 | protocol=17 | dir=in | app=system | 
"{089F003B-FC26-414C-8097-5DA9F767F114}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1234B874-730A-464F-B3BA-E604AED6858C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{15716A04-929C-4853-BBC4-0207F5271AF4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{245E8812-C7CF-42B6-B415-88919DFB1B2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35AAE7DF-4A73-456A-AC38-793FDA552D04}" = rport=138 | protocol=17 | dir=out | app=system | 
"{35CB1CA5-A13D-4CC0-A428-54529690292A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3E9AD0E4-F572-43FA-912E-11B5DB112E73}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4234010D-6CB1-4F75-ADF9-21BB3D9F7F5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44CA7A59-3550-4C3F-BB24-C25C304107AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5689F5FC-6ED5-497F-9767-7C8BFB0A9202}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{618B25F7-5A21-4699-822A-F7F9D5368C1A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{6CDB9DCD-A335-454A-9141-9AF0DBC2D9B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71979DB2-143F-4B64-9FB5-6BABC8843149}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{88764504-987D-4DBC-A15D-91D294AB54CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{89114CE1-89C9-4D40-A055-3BC370AB0E2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A10B3AB1-39C6-4946-BE0A-ACC606064477}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B23F079F-4113-40E1-8D62-26DDB2A08D2E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B4F9E6EB-0DA7-4B6F-A3D3-1BA7B06327D5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C1B12EC5-D363-4590-B8BB-A24160FADD03}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD15EAF0-683F-47AB-A4AF-B6CAA6C0E3DC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D0D9948E-2324-4298-8081-662BE3D93B62}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E191B355-8B34-4BE3-9D16-C655F872EC07}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E343B0E5-D780-4F0C-90AA-53C8406B2740}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ACAFA9D-6626-40AF-A9F3-EC55B50C6251}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{10F591CA-6AA4-4F32-95DC-ACBDAEC0473D}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{18DD5A5A-48A1-4C57-9D13-2175F875B10A}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{1BE9630A-0DF4-43AB-82BE-7617C7D8FB8B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2301A6BD-5DC5-444D-AB08-D6FBE2675D94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{26C1B0C2-56A9-4C2E-9386-CF74C52644C8}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{2C8F6A8F-1987-4C75-86B0-24C0D477AC99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3538E7F7-7220-4247-866D-1133448C9467}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{35A6A1A0-E7D3-4511-9F2D-DEF49435F1C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B3C74E3-B80D-4D9B-BC9F-94F2B36F6EB3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3C95576E-AB3A-4521-AD14-3AECF952690C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{473E50A2-6BE6-4B96-BF8E-B328B664A31D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F0ABED1-242D-422B-ACD1-9AC485345677}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4FE5F780-6AC9-41CC-92DB-2343EBAFB25E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5820E33D-A35C-42D8-8833-49F7DC04711B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5B05BDCF-879A-4096-A8B5-1EC259986CDE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{5B8F6BAC-0F14-4C1E-A46F-6724684CE7D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{60EC38C2-BFF8-42D6-A83C-E90757C7B4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{6B7925E3-056F-40E2-BC74-4B6EE2865A72}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6F5E1055-D368-498F-BD35-E1E0450879B9}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{88190115-3E7F-493D-9637-68FC58B445BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9BD18D9F-C733-4FE5-98C8-E2CA31A52E0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A51461D1-3A55-4123-B745-13BE3259C487}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AB3086F9-2820-4954-B495-059C7D78F875}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{AC3B9DE0-7C4F-4D3F-9A89-2AEA9AFCB688}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{B065A108-0CF2-45D4-9176-97DBA20FDDA2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B0CCD63A-CF25-4948-818A-FF685E755E09}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{B6F4615A-A8DC-4791-8E32-C42110D0BDC1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C86471DB-C066-41A4-98F0-989C2CA3FE32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D208CEAF-B2B3-4AD5-B82C-C12F7B48F8BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D43AF34F-9F92-4B1A-97E7-FDCF94868C76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E689DBBA-863B-4A64-AE54-71B943DA3BE2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EA1EC3FF-4053-4AF0-B09C-E3CC55D976F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EAB5E949-F714-4C5A-9F9F-BB7A88FE4A4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EC0179C3-ED08-4BDF-8D20-ACCF26941951}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ECAA77E1-C397-425C-8EA8-AABA39F20515}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | 
"{F28AB1D4-6B3F-4236-9F06-81EC46416DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{FB3A7009-6DE5-4834-AC62-7D2FC953B7A2}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | 
"{FF6B5B8F-E211-4051-90A2-B229E560D412}" = protocol=6 | dir=out | app=system | 
"TCP Query User{86F7C087-65E5-441D-BC34-B7E4774D632B}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{BE054855-F524-4484-88C4-800826E3E380}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{C9F8BD4B-81C0-4C02-AF3E-DDC50CBF09EF}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{F81BD059-2B72-462E-9D24-F96CF118BE82}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{1326729F-E2F1-4F17-B138-297612701DE1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{9DD1BE1A-CB87-4AA4-8E22-35D6CC76950A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{CD19530A-EDCF-45FE-9ECB-88E97E257B09}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{CFBBD9E5-6B7E-41F3-A5A4-2B40E1ED8CE8}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}" = Privacy Manager for HP ProtectTools
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1EB84327-5469-B591-F59C-E91372063F0D}" = ccc-utility64
"{32C278B2-BC1F-4018-8FB4-2012A40D9FC1}" = HP Power Assistant
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{516DA517-73A0-40F8-8CD9-E5ED4EC383E5}" = Validity Fingerprint Driver
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{61A177CE-86A3-433F-BFE2-41AB9123A268}" = ESET NOD32 Antivirus
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools
"{89E65E64-68E2-32A4-09E1-2606E2BEC841}" = AMD Media Foundation Decoders
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A78F11F2-A478-4BF8-A29A-63746D8A97C9}" = HP ProtectTools Security Manager
"{B39F601A-E865-7C74-48C6-821AD1312D33}" = ATI Catalyst Install Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook
"{E793990C-90BE-4B69-AC29-BF5E8FD4ED54}" = Face Recognition for HP ProtectTools
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F2177395-FD90-44B0-AFB8-2E0566855E5C}" = HP Power Data
"CCleaner" = CCleaner
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Motorola Bluetooth_is1" = Motorola Bluetooth
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{21385719-E020-4ED8-A3D4-6B46D0E5DAB1}" = ArcSoft TotalMedia
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{31EF4C77-4A10-9422-4F73-DA2F56F72A11}" = CCC Help English
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{3CAD25F8-F8AF-66C3-0183-C0D195152268}" = Catalyst Control Center Graphics Previews Common
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7861911B-4270-498A-8F7A-FCF0570F487D}" = HP QuickWeb
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885EACE2-F2B6-BC1F-E4DC-D80154650B8D}" = Catalyst Control Center Localization All
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3059B3-B804-42BB-909B-25864C7D33E3}" = HP Documentation
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B6D58F80-C8BE-5E7F-8F1C-1AEB4A5EACE6}" = Catalyst Control Center InstallProxy
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D5CAF1CF-21CD-DAE4-72E2-3EDA756175BD}" = Catalyst Control Center
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Drive Encryption" = Drive Encryption for HP ProtectTools
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EADM" = EA Download Manager
"facemoods" = Facemoods Toolbar
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.17.903
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Gamestudio A8" = Gamestudio A8
"Google Chrome" = Google Chrome
"HyperCam 3" = HyperCam 3
"iLivid" = iLivid
"ImgBurn" = ImgBurn
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"JDownloader" = JDownloader
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"Searchqu Toolbar" = Searchqu Toolbar
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.5
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/15/2012 1:30:34 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 5/15/2012 1:30:39 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 5/15/2012 1:30:44 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 5/15/2012 1:30:49 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 5/15/2012 1:30:54 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe".  Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 5/15/2012 1:30:54 PM | Computer Name = ****Book | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 5/15/2012 1:30:54 PM | Computer Name = ****Book | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 5/15/2012 1:30:54 PM | Computer Name = ****Book | Source = MsiInstaller | ID = 11920
Description = 
 
Error - 5/17/2012 4:06:01 PM | Computer Name = ****Book | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1704    Startzeit: 01cd34685a8afc74    Endzeit: 8    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 5/22/2012 12:41:19 PM | Computer Name = ****Book | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifest".
 Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Arcsoft\TotalMedia
 Suite\TotalMedia Studio MV\CaptureModule.exe.Manifest" in Zeile 3.  Der Wert "1, 
2, 0, 17" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 5/24/2012 4:26:37 PM | Computer Name = ****Book | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Hewlett-Packard Events ]
Error - 5/5/2011 4:00:29 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HP.ActiveSupportLibrary

   bei HP.ActiveSupportLibrary.Issues.HPSFSession.?() 
 
Error - 5/19/2011 5:48:47 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HP.ActiveSupportLibrary

   bei HP.ActiveSupportLibrary.Issues.HPSFSession.?() 
 
Error - 6/23/2011 4:25:58 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HP.ActiveSupportLibrary

   bei HP.ActiveSupportLibrary.Issues.HPSFSession.?() 
 
Error - 9/8/2011 3:41:38 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091108094136.xml
 File not created by asset agent
 
Error - 11/10/2011 4:12:54 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111110091251.xml
 File not created by asset agent
 
Error - 1/12/2012 6:12:53 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011212111238.xml
 File not created by asset agent
 
Error - 1/26/2012 5:20:27 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011226102025.xml
 File not created by asset agent
 
Error - 3/8/2012 5:43:56 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031208104353.xml
 File not created by asset agent
 
Error - 4/26/2012 5:55:46 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041226115544.xml
 File not created by asset agent
 
Error - 5/17/2012 4:14:05 PM | Computer Name = ****Book | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051217101402.xml
 File not created by asset agent
 
[ HP Power Assistant Events ]
Error - 8/10/2012 5:07:43 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = GetBatteryLifeCost returns infinite or NaN.  currentConsumption = 0  hl.Battery.Capacity
 = 18965  currentLifespan = +unendlich  active = True  idleDraw = 214,487045697684     bei
 System.Environment.get_StackTrace()     bei HPPA_Main.PACustomControls.Pages.SettingsPage.GetBatteryLifeCost(Double
 idleDraw, Boolean active)     bei HPPA_Main.PACustomControls.Pages.SettingsPage.updatePowerSchemePredictions()

   bei HPPA_Main.PACustomControls.Pages.SettingsPage.estimatesUpdateTimer_Tick(Object
 sender, EventArgs e)     bei System.Windows.Forms.Timer.OnTick(EventArgs e)     bei
 System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)     bei System.Windows.Forms.NativeWindow.Callback(IntPtr
 hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)     bei System.Windows.Threading.Dispatcher.TranslateAndDispatchMessage(MSG&
 msg)     bei System.Windows.Threading.Dispatcher.PushFrameImpl(DispatcherFrame frame)

   bei System.Windows.Application.RunInternal(Window window)     bei HPPA_Main.Startup.Main(String[]
 args)  
 
Error - 8/10/2012 5:07:43 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = GetBatteryLifeCost returns infinite or NaN.  currentConsumption = 0  hl.Battery.Capacity
 = 18965  currentLifespan = +unendlich  active = True  idleDraw = 0     bei System.Environment.get_StackTrace()

   bei HPPA_Main.PACustomControls.Pages.SettingsPage.GetBatteryLifeCost(Double idleDraw,
 Boolean active)     bei HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateAdditionalConsumption()

   bei HPPA_Main.PACustomControls.Pages.SettingsPage.estimatesUpdateTimer_Tick(Object
 sender, EventArgs e)     bei System.Windows.Forms.Timer.OnTick(EventArgs e)     bei
 System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)     bei System.Windows.Forms.NativeWindow.Callback(IntPtr
 hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)     bei System.Windows.Threading.Dispatcher.TranslateAndDispatchMessage(MSG&
 msg)     bei System.Windows.Threading.Dispatcher.PushFrameImpl(DispatcherFrame frame)

   bei System.Windows.Application.RunInternal(Window window)     bei HPPA_Main.Startup.Main(String[]
 args)  
 
Error - 8/10/2012 5:07:43 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = System.OverflowException Das Negieren des minimalen Wertes einer Ergänzungszahl
 ist unzulässig.    bei System.Math.Abs(Int32 value)     bei HPPA_Main.PACustomControls.DSList.AdditionalConsumption.set_TimeImpact(Nullable`1
 value)
 
Error - 8/18/2012 1:25:17 PM | Computer Name = ****Book | Source = HP PA Service | ID = 0
Description = System.InvalidOperationException Fehler im XML-Dokument.    bei System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
 xmlReader, String encodingStyle, XmlDeserializationEvents events)     bei System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
 xmlReader)     bei HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput& pmcData)     
bei HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)
 
Error - 8/18/2012 1:25:18 PM | Computer Name = ****Book | Source = HP PA Service | ID = 0
Description = System.FormatException Die Zeichenfolge '2025-25-25T25:25:25' kein 
gültiger AllXsd-Wert.    bei System.Xml.Schema.XsdDateTime..ctor(String text, XsdDateTimeFlags
 kinds)     bei System.Xml.XmlConvert.ToDateTime(String s, XmlDateTimeSerializationMode
 dateTimeOption)     bei System.Xml.Serialization.XmlSerializationReader.ToDateTime(String
 value)     bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read96_GetPMCDataOutputOutputData(Boolean
 isNullable, Boolean checkType)     bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read97_GetPMCDataOutputOutput(Boolean
 isNullable, Boolean checkType)     bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read98_GetPMCDataOutput(Boolean
 isNullable, Boolean checkType)     bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read227_GetPMCDataOutput()
 
Error - 9/9/2012 4:01:23 PM | Computer Name = ****Book | Source = HP PA Service | ID = 0
Description = System.InvalidOperationException Fehler im XML-Dokument.    bei System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
 xmlReader, String encodingStyle, XmlDeserializationEvents events)     bei System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
 xmlReader)     bei HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput& pmcData)     
bei HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)
 
Error - 9/9/2012 4:01:23 PM | Computer Name = ****Book | Source = HP PA Service | ID = 0
Description = System.FormatException Die Zeichenfolge '2000-00-00T00:00:00' kein 
gültiger AllXsd-Wert.    bei System.Xml.Schema.XsdDateTime..ctor(String text, XsdDateTimeFlags
 kinds)     bei System.Xml.XmlConvert.ToDateTime(String s, XmlDateTimeSerializationMode
 dateTimeOption)     bei System.Xml.Serialization.XmlSerializationReader.ToDateTime(String
 value)     bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read96_GetPMCDataOutputOutputData(Boolean
 isNullable, Boolean checkType)     bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read97_GetPMCDataOutputOutput(Boolean
 isNullable, Boolean checkType)     bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read98_GetPMCDataOutput(Boolean
 isNullable, Boolean checkType)     bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read227_GetPMCDataOutput()
 
Error - 9/20/2012 4:34:18 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = System.ArgumentException UpdateBatteryPredictions() bad values.  Check
 PMCCapabilities.XML and PMCData.XML if in emulation mode Level value needs to be
 an integer between 0 and 100, got 101    bei HPPA_Main.Battery.Battery.set_Level(Int32
 value)     bei HPPA_Main.ACDCControl.DCMode(Int32 timeInSeconds, Int32 levelInPercentage1,
 Nullable`1 levelInPercentage2)     bei HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateBatteryPredictions()
 
Error - 9/20/2012 4:35:18 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = System.ArgumentException UpdateBatteryPredictions() bad values.  Check
 PMCCapabilities.XML and PMCData.XML if in emulation mode Level value needs to be
 an integer between 0 and 100, got 101    bei HPPA_Main.Battery.Battery.set_Level(Int32
 value)     bei HPPA_Main.ACDCControl.DCMode(Int32 timeInSeconds, Int32 levelInPercentage1,
 Nullable`1 levelInPercentage2)     bei HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateBatteryPredictions()
 
Error - 9/20/2012 4:35:35 PM | Computer Name = ****Book | Source = HP PA Application | ID = 0
Description = System.ArgumentException UpdateBatteryPredictions() bad values.  Check
 PMCCapabilities.XML and PMCData.XML if in emulation mode Level value needs to be
 an integer between 0 and 100, got 101    bei HPPA_Main.Battery.Battery.set_Level(Int32
 value)     bei HPPA_Main.ACDCControl.DCMode(Int32 timeInSeconds, Int32 levelInPercentage1,
 Nullable`1 levelInPercentage2)     bei HPPA_Main.PACustomControls.Pages.SettingsPage.UpdateBatteryPredictions()
 
[ HP Wireless Assistant Events ]
Error - 9/18/2010 10:54:02 AM | Computer Name = MCEL7K9U7E256 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     at HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 9/18/2010 10:54:02 AM | Computer Name = MCEL7K9U7E256 | Source = HP WA Service | ID = 0
Description = System.Exception Register() failed : e_GENERAL_EXCEPTION    at HP_Common.CaslWrapper.Register(EventArrivedEventHandler
 handler)     at HPPA_Service.CurrentConfiguration..ctor()
 
Error - 9/18/2010 10:54:04 AM | Computer Name = MCEL7K9U7E256 | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
 calibration)     at HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
[ System Events ]
Error - 9/23/2012 1:57:11 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 9/23/2012 1:57:41 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 9/23/2012 1:58:11 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 9/23/2012 1:58:41 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 9/23/2012 1:59:11 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 9/23/2012 1:59:41 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 9/23/2012 2:00:11 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 9/23/2012 2:00:41 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 9/23/2012 2:01:11 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%126
 
Error - 9/23/2012 2:01:41 PM | Computer Name = ****Book | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%126
 
 
< End of report >
         
--- --- ---
-----------------------------------------------------------------
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 9/23/2012 7:53:57 PM - Run 1
OTL by OldTimer - Version 3.2.66.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 55.47% Memory free
7.72 Gb Paging File | 5.38 Gb Available in Paging File | 69.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.47 Gb Total Space | 208.87 Gb Free Space | 46.57% Space Free | Partition Type: NTFS
Drive D: | 5.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.52% Space Free | Partition Type: FAT32
 
Computer Name: ****BOOK | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe (Synaptics Incorporated)
PRC - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\srvany.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Motorola, Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\854edff8bd00701e10f73fbf59739aed\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b3a8e8ec51ff3287e12eec44706bf6d\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\SysWOW64\SUPSDK.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\SysWOW64\flcdlmsg.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV:64bit: - (DEBridge) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ScrybeUpdater) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe (IDT, Inc.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HPFSService) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (uArcCapture) -- C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (FLCDLOCK) -- c:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Development Company L.P.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{A4AFB4D5-19BA-4BED-99C1-925B53ED1459}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{A4AFB4D5-19BA-4BED-99C1-925B53ED1459}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{06083AFC-584E-4810-9586-45A1EAAD6A63}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd_ut
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{A4AFB4D5-19BA-4BED-99C1-925B53ED1459}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.6.1
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.2.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.backup.ftp: "212.156.83.14"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "212.156.83.14"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "212.156.83.14"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "212.156.83.14"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "109.228.10.228"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "109.228.10.228"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "109.228.10.228"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "109.228.10.228"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "109.228.10.228"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/03 11:49:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/23 15:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 21:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/10 22:53:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/23 15:35:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 21:24:05 | 000,000,000 | ---D | M]
 
[2012/08/16 21:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012/09/20 17:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\7fufi9fy.default\extensions
[2012/01/28 19:01:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\7fufi9fy.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/08/16 21:27:35 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\7fufi9fy.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/12/14 16:50:28 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\7fufi9fy.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/09/24 12:33:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\7fufi9fy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/09/20 17:22:15 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\7fufi9fy.default\searchplugins\icqplugin-1.xml
[2011/12/14 16:49:19 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\7fufi9fy.default\searchplugins\icqplugin-2.xml
[2011/12/10 22:45:51 | 000,001,052 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\7fufi9fy.default\searchplugins\icqplugin.xml
[2012/08/16 21:27:32 | 000,002,519 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\7fufi9fy.default\searchplugins\Search_Results.xml
[2012/08/16 21:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/02/24 00:04:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/09/23 15:35:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/28 01:21:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/23 15:35:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/28 01:21:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/02 21:31:29 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012/07/28 01:21:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/08/16 21:27:32 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/07/28 01:21:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/28 01:21:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.searchnu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=390&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: ICQ Sparberater = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.673_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39F13F3F-9888-4D50-A54A-79FC01FCB5F7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59A1C080-536E-4140-A82B-955EFB74AE48}: DhcpNameServer = 127.0.0.1 194.204.159.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/09/16 06:58:13 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3d1cf30e-9d98-11e0-a060-70f395e37e0f}\Shell - "" = AutoRun
O33 - MountPoints2\{3d1cf30e-9d98-11e0-a060-70f395e37e0f}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{be7b6a23-2325-11e0-94d5-b4206fe3c68a}\Shell - "" = AutoRun
O33 - MountPoints2\{be7b6a23-2325-11e0-94d5-b4206fe3c68a}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2011/09/16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/23 19:52:59 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012/09/23 19:30:13 | 000,000,000 | ---D | C] -- C:\TuneUpPortable
[2012/09/21 18:36:02 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\mp4
[2012/09/20 18:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/20 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/20 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/09/20 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/23 19:52:37 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012/09/23 19:51:01 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/23 19:50:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/23 19:50:13 | 4143,374,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 19:43:01 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/23 19:25:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/23 15:16:20 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 15:16:20 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 15:25:18 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/09/22 15:25:18 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/21 17:55:15 | 000,002,326 | ---- | M] () -- C:\Users\****\Desktop\Free Video to MP3 Converter.lnk
[2012/09/20 18:34:43 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/20 17:26:21 | 000,001,304 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/09/18 00:27:05 | 000,027,300 | ---- | M] () -- C:\Users\****\Desktop\151646210-1.jpg
[2012/09/11 23:03:35 | 001,472,002 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/11 23:03:35 | 000,643,866 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/09/11 23:03:35 | 000,607,190 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/11 23:03:35 | 000,126,394 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/09/11 23:03:35 | 000,103,568 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/05 00:45:14 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/30 14:03:35 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor****.job
 
========== Files Created - No Company Name ==========
 
[2012/09/21 17:55:15 | 000,002,326 | ---- | C] () -- C:\Users\****\Desktop\Free Video to MP3 Converter.lnk
[2012/09/20 18:34:43 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/20 17:26:16 | 000,001,304 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/09/18 00:31:21 | 000,027,300 | ---- | C] () -- C:\Users\****\Desktop\151646210-1.jpg
[2012/07/31 23:44:13 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2011/07/30 13:49:22 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\{DD760ACF-586F-4D56-B1C0-82CFD3390628}
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/03/10 21:17:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011/03/10 21:14:52 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
[2011/02/24 00:08:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/06 16:46:36 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/01/18 21:35:22 | 000,077,824 | ---- | C] () -- C:\windows\KMService.exe
[2011/01/18 21:35:22 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0E08FC17

< End of report >
         
--- --- ---

Geändert von noelpy (23.09.2012 um 19:21 Uhr)

Alt 24.09.2012, 08:20   #2
Psychotic
/// Malwareteam
 
Mehrere Trojaner entfernt - ist mein Rechner nun sauber? - Standard

Mehrere Trojaner entfernt - ist mein Rechner nun sauber?



Downloade dir bitte CKScanner Wichtig: Speichere die Datei am Desktop.
  • Doppelklick auf die CKScanner.exe und klicke auf Search For Files.
  • Danach klick auf Save List To File.
  • Es wird eine Box aufpoppen was dir mitteilt das die Datei gespeichert wurde (file saved)
  • Öffne die CKFiles.txt auf deinem Desktop und poste den Inhalt hier.



Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________

__________________

Alt 24.09.2012, 10:13   #3
noelpy
 
Mehrere Trojaner entfernt - ist mein Rechner nun sauber? - Standard

Mehrere Trojaner entfernt - ist mein Rechner nun sauber?



Danke für die rasche Hilfe.
Hier die Logs:

ckfiles
Code:
ATTFilter
CKScanner - Additional Security Risks - These are not necessarily bad
c:\download\ooooooooooooooogta\grand_theft_auto_iv_update_v1.0.7.0-razor1911\crack\1911.dll
c:\download\ooooooooooooooogta\grand_theft_auto_iv_update_v1.0.7.0-razor1911\crack\launchgtaiv.exe
c:\program files\gta multi\bo2\gtasa\gta san andreas\data\decision\craig\crack1.ped
c:\program files (x86)\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\basedata\bridge_cracks.dds
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\basedata\church02_cracks.dds
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\basedata\collapsing01_cracks.dds
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\basedata\cracks01.dds
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\models\objects\missionspec\snowcracks01_big.v3o
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\models\objects\missionspec\snowcracks01_small.v3o
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\models\objects\objectchildren\church02_cracks.v3o
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\models\openhouses\burningtower\burning_tower01_cracks.dds
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\prototypes\objects\missionspec\snowcracks01_big.e4p
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\prototypes\objects\missionspec\snowcracks01_small.e4p
c:\program files (x86)\sixteen tons entertainment\emergency 4\data\prototypes\objects\objectchildren\church02_cracks.e4p
c:\users\****\downloads\winrar3.93_final_x32-x64_-reg-aktiviert\winrar3.93 final x32-x64 -reg-aktiviert\keygen(fff)\fff.nfo
c:\users\****\downloads\winrar3.93_final_x32-x64_-reg-aktiviert\winrar3.93 final x32-x64 -reg-aktiviert\keygen(fff)\keygen.exe
scanner sequence 3.IH.11.UVNAIX
 ----- EOF -----
         

mbam-log-2012-09-24 (11-06-37)
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Mats :: MATSBOOK [Administrator]

24.09.2012 11:06:37
mbam-log-2012-09-24 (11-06-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201386
Laufzeit: 1 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 3092 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.

(Ende)
         
__________________

Alt 24.09.2012, 10:39   #4
Psychotic
/// Malwareteam
 
Mehrere Trojaner entfernt - ist mein Rechner nun sauber? - Standard

Mehrere Trojaner entfernt - ist mein Rechner nun sauber?



Code:
ATTFilter
grand_theft_auto_iv_update_v1.0.7.0-razor1911\crack\1911.dll
grand_theft_auto_iv_update_v1.0.7.0-razor1911\crack\launchgtaiv.exe
C:\Windows\KMService.exe
         



Alleine der Besuch auf Seiten, welche diese Dateien zum Download anbieten, beinhaltet ein hohes Risiko sich zu infizieren.

Wenn Du den Crack startest, startest du eine ausführbare Datei aus einer sehr dubiosen Quelle. Im Quellcode der Datei kann alles mögliche stehen. ( z.B downloaden und ausführen von Malwaredateien )
Dies ist einer der Hauptursachen für Infektionen.

Ausserdem sind Cracks, Keygens, usw. illegal und das ist genauso Diebstahl wie in einem Laden.
Darum haben wir uns darauf geeinigt:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Deshalb beschränkt sich unsere Hilfe für dich auf eine Anleitung zur Neuinstallation und Absicherung des Systems
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Antwort

Themen zu Mehrere Trojaner entfernt - ist mein Rechner nun sauber?
autorun, bandoo, bho, bonjour, converter, driver genius, error, eset nod32, excel, failed, fehler, flash player, google, grand theft auto, home, iexplore.exe, install.exe, java/exploit.cve-2011-3544.bq, jdownloader, js/kryptik.vk, langsam, logfile, mozilla, mp3, msiinstaller, plug-in, realtek, registry, richtlinie, scan, security, software, svchost.exe, trojaner, usb, usb 2.0, windows



Ähnliche Themen: Mehrere Trojaner entfernt - ist mein Rechner nun sauber?


  1. Virus entfernt, bitte um Analyse, ob rechner nun sauber ist
    Log-Analyse und Auswertung - 29.01.2015 (15)
  2. Hatte Trojaner Aktivität , Ist mein rechner sauber ?
    Log-Analyse und Auswertung - 11.07.2013 (1)
  3. Groupon Trojaner mit Antivir gefunden. Ist mein Rechner jetzt wirklich sauber?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2013 (9)
  4. bka-trojaner entfernt - ist Rechner sauber?
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (3)
  5. GVU Virus heute eingefangen und gleich entfernt - ist mein PC wirklich sauber? Wie checken?
    Log-Analyse und Auswertung - 19.01.2013 (11)
  6. Hatte GVU-Trojaner, angeblich entfernt, bin unsicher, ob mein System nun sauber ist
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (69)
  7. (2x) Security Shield / TR Atraps.Gen entfernt - ist mein Rechner jetzt wieder sauber?
    Mülltonne - 27.07.2012 (1)
  8. Ist mein Rechner wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (2)
  9. Win32/Bublik.b Trojaner entfernt - ist mein System jetzt wieder sauber?
    Log-Analyse und Auswertung - 01.02.2012 (26)
  10. Security Tool entfernt - Ist mein PC wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 01.09.2010 (4)
  11. Antivir Solution Pro - entfernt, aber ist mein Rechner wirklich sauber?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2010 (17)
  12. Ist mein Rechner sauber?
    Log-Analyse und Auswertung - 19.05.2009 (28)
  13. Ist mein Rechner wieder sauber?
    Log-Analyse und Auswertung - 23.03.2009 (0)
  14. Ist mein Rechner sauber?
    Mülltonne - 04.03.2007 (3)
  15. Ist mein rechner jetzt sauber???
    Mülltonne - 06.01.2006 (2)
  16. Ist mein Rechner sauber???
    Log-Analyse und Auswertung - 22.11.2005 (2)
  17. Ist mein Rechner sauber?
    Log-Analyse und Auswertung - 04.12.2004 (7)

Zum Thema Mehrere Trojaner entfernt - ist mein Rechner nun sauber? - Hallo Forum! ich hatte die beiden folgenden Schädlinge auf dem Rechner: - Variante von Java/Exploit.CVE-2011-3544.BQ Trojaner - JS/Kryptik.VK Trojaner nun läuft mein Rechner weiterhin recht langsam und ich bin mir - Mehrere Trojaner entfernt - ist mein Rechner nun sauber?...
Archiv
Du betrachtest: Mehrere Trojaner entfernt - ist mein Rechner nun sauber? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.