| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avira findet TR/ATRAPS.Gen2 - Und nun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.08.2012, 14:40
| #1 |
| |  Avira findet TR/ATRAPS.Gen2 - Und nun? Gestern Abend schrie mich Avira mehrfach an, dass mir zwei "2 Viren oder unerwünschte Programme" zugelaufen seien. Ich habe die beiden in Quarantäne geschickt und mich hier im Forum umgesehen. Scheint ja grad groß in Mode zu sein. Habe also Avira durchlaufen lassen, der mir eben jenen Herrn (sind TRojaner männlich?) vorstellte. Danach habe ich mich an eure Ratschäge gehalten und Malwarebytes runtergeladen und ebenfalls durchlaufen lassen. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.04.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Computernutzer :: XXXXXXXX [Administrator] Schutz: Aktiviert 04.08.2012 12:31:53 mbam-log-2012-08-04 (12-31-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 197649 Laufzeit: 3 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 04.08.2012 14:56:41 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Computernutzer\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 48,74% Memory free 7,72 Gb Paging File | 4,91 Gb Available in Paging File | 63,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,47 Gb Total Space | 376,85 Gb Free Space | 84,03% Space Free | Partition Type: NTFS Drive F: | 1,99 Gb Total Space | 1,49 Gb Free Space | 74,69% Space Free | Partition Type: FAT32 Drive K: | 931,28 Gb Total Space | 873,20 Gb Free Space | 93,76% Space Free | Partition Type: FAT32 Computer Name: XXXXX | User Name: Computernutzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Computernutzer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Computernutzer\laxzyldodalp.exe (Fujitsu) PRC - C:\Computerprogramme\Tools\Firefox 4\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company) PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.) PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.) PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) PRC - C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.) PRC - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) PRC - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Computerprogramme\Tools\Firefox 4\mozjs.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\SysWOW64\SUPSDK.dll () MOD - C:\Windows\SysWOW64\flcdlmsg.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.) SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:64bit: - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard) SRV:64bit: - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) SRV:64bit: - (DEBridge) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.) SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.) SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company) SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.) SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.) SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.) SRV - (HPFSService) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (uArcCapture) -- C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.) SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (FLCDLOCK) -- c:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Ltd) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.) DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.) DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys () DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Development Company L.P.) DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation) DRV:64bit: - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation) DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.) DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.) DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.) DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} IE:64bit: - HKLM\..\SearchScopes\{AA5CC064-C92C-4050-82FD-3CA90F36F4FF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\..\SearchScopes,DefaultScope = {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} IE - HKLM\..\SearchScopes\{AA5CC064-C92C-4050-82FD-3CA90F36F4FF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\..\SearchScopes,DefaultScope = {AA5CC064-C92C-4050-82FD-3CA90F36F4FF} IE - HKCU\..\SearchScopes\{AA5CC064-C92C-4050-82FD-3CA90F36F4FF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010.12.07 14:05:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Computerprogramme\Tools\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Computerprogramme\Tools\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Computerprogramme\Tools\Firefox 4\components [2012.07.19 07:38:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Computerprogramme\Tools\Firefox 4\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Computerprogramme\Tools\Firefox 4\components [2012.07.19 07:38:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Computerprogramme\Tools\Firefox 4\plugins [2011.04.28 13:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computernutzer\AppData\Roaming\mozilla\Extensions [2011.04.28 13:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computernutzer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.26 07:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computernutzer\AppData\Roaming\mozilla\Firefox\Profiles\ocf3swow.default\extensions [2011.12.04 12:05:10 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\Computernutzer\AppData\Roaming\mozilla\Firefox\Profiles\ocf3swow.default\extensions\toolbar@ask.com [2011.05.01 21:10:18 | 000,002,101 | ---- | M] () -- C:\Users\Computernutzer\AppData\Roaming\Mozilla\Firefox\Profiles\ocf3swow.default\searchplugins\googlede.xml [2011.05.08 18:14:35 | 000,013,074 | ---- | M] () (No name found) -- C:\USERS\Computernutzer\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OCF3SWOW.DEFAULT\EXTENSIONS\{B0D70E72-2FC1-4B9F-A3D4-5921C854D906}.XPI O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.) O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe () O4 - HKCU..\Run: [laxzyldodalp] C:\Users\Computernutzer\laxzyldodalp.exe (Fujitsu) O4 - HKCU..\Run: [Regedit32] C:\windows\system32\regedit.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C55543F1-9079-467A-83A8-000C31B1A976}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\bwfile-8876480 - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk K:\ O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.04 12:07:00 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Computernutzer\Desktop\OTL.exe [2012.08.04 11:23:07 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Roaming\Malwarebytes [2012.08.04 11:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.04 11:22:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.08.04 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.04 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.04 07:50:52 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{DBF177AE-1332-4BC6-987D-4EEDE9AF353F} [2012.08.04 07:50:40 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{34E33F26-1AF2-4BDF-89C4-D0017B363850} [2012.08.03 19:45:18 | 000,094,144 | ---- | C] (Fujitsu) -- C:\Users\Computernutzer\laxzyldodalp.exe [2012.08.03 19:06:05 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{D2ACB7EE-BF23-4831-ABE2-5AF081780A60} [2012.08.03 19:05:54 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{3263B331-D3EF-4700-B2F7-B318ED2A98B1} [2012.08.03 07:05:40 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{3085B1C2-572D-4119-A310-1D789B10DEC1} [2012.08.03 07:05:28 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{9E69E896-5ADC-45B9-BE7A-8221451C875C} [2012.08.02 19:00:17 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{AD1BA86B-CBD0-43E0-9F12-D154F887D34D} [2012.08.02 19:00:05 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{FFF21324-6B6B-43AB-B437-B6C4AC93A4B9} [2012.08.02 06:59:50 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{D58E3744-2CB8-4986-B01A-A6FDBD5BA558} [2012.08.02 06:59:37 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{9FDF5E1A-173A-4F1C-A8D9-A8E9B5E84E52} [2012.08.01 10:40:27 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{3DA1DC65-B5C8-49D3-8A1C-F9E95F0C4821} [2012.08.01 10:40:15 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{6DBE0106-AAF7-4CBF-B919-527EB47F06B7} [2012.07.31 20:50:21 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{7D2DBF5F-977F-41F2-801F-168ED75A1C71} [2012.07.31 20:50:10 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{7757457E-4A4C-4167-8AB6-E0F68BEEDF48} [2012.07.31 08:49:44 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{5C7270FC-89EF-4FDA-85C2-D61651961FFD} [2012.07.31 08:49:33 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{9BECB045-7D22-4DAC-AD18-ABB4796D3D11} [2012.07.30 20:49:07 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{FCBE1E20-3174-4C80-B9E0-3BDF92BDD49C} [2012.07.30 20:48:56 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{7D162BAE-1796-4073-94EA-9D5F3ECCF137} [2012.07.30 08:48:42 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{9D0F6C71-6894-4679-B9F7-1CDDBDEB4F78} [2012.07.30 08:48:30 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{8B263509-9A92-4A1A-8301-009A496C33AC} [2012.07.29 20:48:04 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{B14FC4D1-0939-4F45-B4A2-FE7D9C9D18EE} [2012.07.29 20:47:52 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{DCC7D648-CC68-4ABB-9072-D16EE3A99C6B} [2012.07.29 08:47:39 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{BE9C48B3-426F-436C-B312-A55E0BC9CD27} [2012.07.29 08:47:27 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{1F1CC44A-CD9E-485B-8C8D-666B8E91ED49} [2012.07.28 20:47:02 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{FE66390A-7ED7-439F-A797-F6651345F471} [2012.07.28 20:46:51 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{F22CA9A5-138C-4441-8C95-DEA1B43B3A34} [2012.07.28 08:46:37 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{3224C4AC-5367-4F43-957B-AC9AADE0E85E} [2012.07.28 08:46:25 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{0DD08FC2-55FE-4A59-9C29-7787A92FEABC} [2012.07.27 19:26:07 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{3D49875E-53FB-4392-B70F-3132A0781806} [2012.07.27 19:25:55 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{0CFF88C1-6805-45C3-AE75-A7C9C9FCB026} [2012.07.27 07:25:29 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{4F7D77F2-4938-444C-BBFC-59A12CE5DB5F} [2012.07.27 07:25:17 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{9BDC492E-7477-4B90-B6DE-1F3A81CA9BEA} [2012.07.26 19:24:51 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{5A67B378-E679-4BB4-B591-5DEDB9C191FA} [2012.07.26 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{6FF8E7F2-482B-4E61-85FF-F7D5E5680C2C} [2012.07.26 07:24:13 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{39C54813-11A6-4CE1-AE73-4EC8F6FCC6DB} [2012.07.26 07:24:02 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{AC0ACB0E-6457-44E9-8212-D4A196FC4170} [2012.07.25 19:23:35 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{45471B71-5378-424D-9533-6508871B08DF} [2012.07.25 19:23:23 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{11C12AE8-99B1-461C-8AE6-599ADC9144B7} [2012.07.25 07:23:10 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{0B2F655A-4D39-42C5-A2D8-041A95414A06} [2012.07.25 07:22:58 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{C3D69197-DA2D-4846-AE4B-AC71C82A28E5} [2012.07.24 18:08:02 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{A649187F-DB2A-43BE-9F84-5B5E5A60A541} [2012.07.24 18:07:50 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{6F4ED975-7A1D-40D2-AADF-B63E3E310012} [2012.07.22 08:47:17 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{2D0CBF67-83DA-48C3-B248-3FF1D2404316} [2012.07.22 08:47:06 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{AAE5149D-F460-4173-AD11-390193493AFD} [2012.07.21 20:46:39 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{9328297F-2EC3-4458-A14F-7C67E764C2AC} [2012.07.21 20:46:28 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{B8586508-DAAF-4309-98C3-F7D23A61CD18} [2012.07.21 08:46:14 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{FC693C03-A92C-4F16-AC7F-BBF42B3DDA57} [2012.07.21 08:46:03 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{3CC73CA8-25C3-4FB2-B2C8-3971DC171A9B} [2012.07.20 20:45:36 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{B47763A3-B3A3-4026-A479-5A3298D80635} [2012.07.20 20:45:25 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{6C8AB677-2A6E-4181-9B92-E652CC5C87B7} [2012.07.20 20:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012.07.20 20:05:45 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\Google [2012.07.20 20:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.07.20 08:45:12 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{4D4A3013-EAF5-4B8A-992E-0AA315C3A0F7} [2012.07.20 08:45:00 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{FD2E60CB-231A-4E43-979B-B2523B109621} [2012.07.19 20:40:42 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{7702F578-8FF7-4157-A7C1-DF21A3EB3C67} [2012.07.19 20:40:31 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{43489334-33C0-4F89-9C29-7BD02738978F} [2012.07.19 08:40:18 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{F03AAF95-3FCA-4190-9491-33C3946D0C96} [2012.07.19 08:40:06 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{7541E48A-E547-4FA1-BB6A-CC02D7922BDF} [2012.07.18 20:31:56 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{259CE5CE-ADB8-4B3A-86D0-A81984FA6E8F} [2012.07.18 20:31:45 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{7AB170F9-8805-407A-B83B-62984DA1BC52} [2012.07.18 08:31:31 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{A7EB41E0-1E58-4C1D-B60A-8CAEAD966055} [2012.07.18 08:31:19 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{949BE147-BA1C-4F99-B274-4924A9EF92C1} [2012.07.17 20:30:53 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{E7099551-C20F-47D2-8384-134834E9B64A} [2012.07.17 20:30:42 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{C0BD17D9-7A59-4C16-A391-478A56FC1C60} [2012.07.17 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{9857C450-3487-44BA-BA29-275C46F42C07} [2012.07.17 08:30:16 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{0599DEA9-A111-4F55-9AB1-FBA58DAD026C} [2012.07.16 20:29:50 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{0CED6FE8-31F8-4FDD-8D97-0B2181001585} [2012.07.16 20:29:38 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{AA6B684D-0640-4A25-A564-739E4A7CD317} [2012.07.16 08:29:25 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{1064A33F-60EF-4251-BA97-DB158BA33337} [2012.07.16 08:29:14 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{86BD0C47-8A21-4459-98A4-27164B2EC39C} [2012.07.15 20:26:20 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{524CC360-0616-458E-B5E5-BFCF96A47374} [2012.07.15 20:26:08 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{F46085AC-BD36-465F-A1A0-73A19D59BD97} [2012.07.15 08:25:55 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{84B3A21F-1D9A-4DF2-9814-A397824A46D3} [2012.07.15 08:25:43 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{2827A833-084A-41A1-8926-2D92423D41FA} [2012.07.14 20:25:10 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{7DA19BD3-9EED-46A9-A194-193666514AF4} [2012.07.14 20:24:59 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{90E0365E-8CB1-42CC-8F4F-77DBAD4E0BC7} [2012.07.14 08:24:32 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{D729281A-D776-493B-927B-E26D5ECEC4D9} [2012.07.14 08:24:21 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{0135C5E0-EF08-440E-83E6-5A5D1BAF44E7} [2012.07.13 10:34:47 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{D2290DA8-85DC-41C5-AFB8-81A5614DC316} [2012.07.13 10:34:36 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{6F213D76-084B-4D38-A08A-6714C84F993D} [2012.07.12 20:55:45 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{13D354D5-50D5-4F77-8310-75DC78F8B1ED} [2012.07.12 20:55:34 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{257D85DD-ADD0-48CA-96A4-F8D4A7D87D93} [2012.07.12 08:55:20 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{ED7953AE-9C01-4CB1-8939-91DA9F33CF94} [2012.07.12 08:55:09 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{CF153884-EF4B-4E42-84FA-F37AD0374E9B} [2012.07.11 20:54:42 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{0101EAFC-E835-45E0-AD5A-949302CACDA8} [2012.07.11 20:54:31 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{DB1692A0-435E-49F3-AC27-2534312EF4A2} [2012.07.11 08:54:04 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{B495E5FD-8E4C-4086-BA48-C7AA4C195885} [2012.07.11 08:53:52 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{63595807-C2D7-4708-B5C1-6DA52381138A} [2012.07.11 07:14:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll [2012.07.11 07:14:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll [2012.07.11 07:14:34 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2012.07.11 07:14:26 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll [2012.07.11 07:14:24 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll [2012.07.10 20:53:26 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{18835343-FDDE-40F8-9338-E186623F4F00} [2012.07.10 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{55FE47BF-2AEC-482D-AE5E-908FF70B4D3A} [2012.07.10 08:53:01 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{78907F63-D441-4089-88DF-7BEE58F91B0A} [2012.07.10 08:52:49 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{D1226D1A-F2AF-4FBE-B3FB-49CDD9BAD5BE} [2012.07.09 20:52:24 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{278DD84D-0F3E-4B7E-842E-3D734A35ADF5} [2012.07.09 20:52:12 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{71A94465-0281-4A2D-9A68-D8BFE222541D} [2012.07.09 08:51:47 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{1E65E45D-3EC0-4210-9BF3-060957B10465} [2012.07.09 08:51:35 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{C78CC3AB-28D2-4F5C-BA5F-718414DF2DDA} [2012.07.08 20:06:28 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{28BE3F45-96D8-4CB1-AA78-6277A6040490} [2012.07.08 20:06:17 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{C11A43A3-7310-43D4-BC57-A6EBF145D97B} [2012.07.08 08:05:51 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{080DFF47-DC43-4E2A-8E86-4242DC790197} [2012.07.08 08:05:39 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{2D592B95-F4FB-4F76-8869-4DAE7CAD1EF7} [2012.07.07 18:33:37 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{83C6E13C-786F-4287-A564-D6B978C6B355} [2012.07.07 18:33:25 | 000,000,000 | ---D | C] -- C:\Users\Computernutzer\AppData\Local\{3F21B24A-CCB5-47BA-99FC-3738854B656A} ========== Files - Modified Within 30 Days ========== File not found -- C:\windows\SysNative\ [2012.08.04 14:36:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.08.04 14:25:30 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 14:25:30 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 14:22:15 | 020,505,326 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.08.04 14:22:15 | 006,707,608 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.08.04 14:22:15 | 006,586,316 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.08.04 14:22:15 | 005,941,986 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.08.04 14:22:15 | 000,005,418 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.08.04 14:17:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.08.04 14:17:13 | 4143,374,336 | -HS- | M] () -- C:\hiberfil.sys [2012.08.04 12:07:03 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Computernutzer\Desktop\OTL.exe [2012.08.04 11:22:51 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.03 20:36:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012.08.03 20:36:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.03 19:46:17 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\services.exe [2012.08.03 19:44:50 | 000,094,144 | ---- | M] (Fujitsu) -- C:\Users\Computernutzer\laxzyldodalp.exe [2012.08.03 11:25:40 | 000,021,590 | ---- | M] () -- C:\Users\Computernutzer\AppData\Local\recently-used.xbel [2012.08.03 06:59:45 | 000,000,376 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForComputernutzer.job [2012.07.30 18:14:14 | 000,001,959 | ---- | M] () -- C:\Users\Computernutzer\AppData\Roaming\SAS7_000.DAT [2012.07.20 20:06:01 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012.07.20 10:10:26 | 001,671,333 | ---- | M] () -- C:\Users\Computernutzer\Desktop\IMG_4794.JPG [2012.07.18 15:47:48 | 000,000,089 | ---- | M] () -- C:\Users\Computernutzer\Desktop\verkleinerer.set [2012.07.13 13:38:26 | 000,321,334 | ---- | M] () -- C:\Users\Computernutzer\Desktop\url.jpg [2012.07.12 07:08:27 | 000,757,344 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012.07.08 08:11:40 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk ========== Files Created - No Company Name ========== File not found -- C:\windows\SysNative\ [2012.08.04 11:22:51 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.03 11:25:40 | 000,021,590 | ---- | C] () -- C:\Users\Computernutzer\AppData\Local\recently-used.xbel [2012.07.30 06:56:22 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.07.20 20:06:01 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012.07.20 10:10:21 | 001,671,333 | ---- | C] () -- C:\Users\Computernutzer\Desktop\IMG_4794.JPG [2012.07.13 13:38:25 | 000,321,334 | ---- | C] () -- C:\Users\Computernutzer\Desktop\url.jpg [2012.06.05 13:19:25 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.01.29 14:19:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\C71BD952FD.sys [2012.01.21 21:07:17 | 000,000,576 | ---- | C] () -- C:\windows\wiso.ini [2011.06.09 19:49:22 | 000,001,959 | ---- | C] () -- C:\Users\Computernutzer\AppData\Roaming\SAS7_000.DAT [2011.06.02 13:06:07 | 000,101,384 | ---- | C] () -- C:\Users\Computernutzer\AppData\Roaming\mdbu.bin [2011.05.10 22:25:30 | 000,005,120 | ---- | C] () -- C:\Users\Computernutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.08 18:13:11 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll [2011.05.01 09:38:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.29 20:10:26 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.04.27 17:08:56 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.03.11 10:34:14 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll [2011.03.11 10:34:13 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe [2011.03.11 10:34:13 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2011.03.11 10:24:27 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2010.12.07 14:41:09 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdfdfgc.sys [2010.12.07 14:18:44 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini [2010.12.07 14:10:25 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 861 bytes -> C:\Users\Computernutzer\Documents\Sport Stadl_ Order 11301.eml:OECustomProperty @Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:0FF263E8 < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.08.2012 14:56:41 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Computernutzer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 48,74% Memory free
7,72 Gb Paging File | 4,91 Gb Available in Paging File | 63,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,47 Gb Total Space | 376,85 Gb Free Space | 84,03% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,49 Gb Free Space | 74,69% Space Free | Partition Type: FAT32
Drive K: | 931,28 Gb Total Space | 873,20 Gb Free Space | 93,76% Space Free | Partition Type: FAT32
Computer Name: XXXXXX | User Name: Computernutzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\windows\regedit.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Computerprogramme\Tools\Firefox 4\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Computerprogramme\Grafik\Irfanview\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Computerprogramme\Grafik\Irfanview\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}" = Privacy Manager for HP ProtectTools
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E21ACD8-DA65-4FB6-AC75-AA626CBD2926}" = HP Officejet 6700 - Grundlegende Software für das Gerät
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{18B7C522-0623-C939-C17D-65359FB42BDB}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{32C278B2-BC1F-4018-8FB4-2012A40D9FC1}" = HP Power Assistant
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{516DA517-73A0-40F8-8CD9-E5ED4EC383E5}" = Validity Fingerprint Driver
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A78F11F2-A478-4BF8-A29A-63746D8A97C9}" = HP ProtectTools Security Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E534C3AC-6D49-4EAC-8993-C1F0FF545B67}" = ATI Catalyst Install Manager
"{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook
"{E793990C-90BE-4B69-AC29-BF5E8FD4ED54}" = Face Recognition for HP ProtectTools
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F2177395-FD90-44B0-AFB8-2E0566855E5C}" = HP Power Data
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.0
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking
"{016E43D3-6E3A-507C-5180-08A592A09D93}" = CCC Help Russian
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{049F82E6-AA8C-D885-07A0-FF69690DD9C5}" = CCC Help Chinese Standard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0EAB8F33-5A3E-BE80-3D11-7BBD79FB002A}" = CCC Help Thai
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21385719-E020-4ED8-A3D4-6B46D0E5DAB1}" = ArcSoft TotalMedia
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2606650A-9367-D0AE-EF8D-CF627C9082E4}" = Catalyst Control Center Graphics Previews Vista
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3133EC72-0790-4315-A7D3-BEFA0110F4D7}" = TotalMedia Suite update
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{345E500B-471A-593B-BCEA-EE73E391CFBD}" = CCC Help Korean
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3556F018-53B9-2715-5F8A-4C40E529DA76}" = CCC Help Hungarian
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{466AA29C-0BE5-902A-BD90-D87C846CD947}" = CCC Help Turkish
"{46A5EF84-99CF-2BA6-EF3E-5438190CBA5F}" = Catalyst Control Center Localization All
"{480E1460-BEEA-828B-9802-82C440EA5E5B}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}" = HP Officejet 6700 Hilfe
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{586414D6-B3E1-F163-223D-D298E80727E1}" = CCC Help Czech
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DFE5A09-5030-6B21-6E8E-987FAD247BD2}" = CCC Help Polish
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7861911B-4270-498A-8F7A-FCF0570F487D}" = HP QuickWeb
"{7D90F99D-0D3A-9B0F-1AB6-4C142098A23C}" = CCC Help Portuguese
"{8111D017-F77E-4387-B07E-4C4ACF4866FA}" = CCC Help Norwegian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEAB1B-72AC-4C99-B5CB-C9B37C86F11F}" = Catalyst Control Center - Branding
"{9FA32684-39EF-10A1-4896-95A28BD2A51C}" = CCC Help English
"{A60F1207-CB8B-DFE4-B0B2-28781A9918F5}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B31E60DA-0FB3-8C8F-7F00-8FC5A2E716A6}" = CCC Help Danish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB922B1F-5CFB-C323-F35C-517FA74BF17E}" = CCC Help French
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C7FD3148-0065-253C-E0A9-62C1B2307421}" = CCC Help Italian
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D21160A2-8B5F-409C-99C8-03582F5324B7}" = HP Documentation
"{D3E71122-71F0-C06F-A482-8997D22301F4}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D89F6F7C-1966-9408-40A7-4877F5A85005}" = ccc-core-static
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{DC1F523C-FB0A-885F-CC3F-FA7E749213B6}" = CCC Help Dutch
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}" = HP Setup
"{E9729C11-2758-5F56-B661-3D99498454CA}" = CCC Help Spanish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1410C34-CCC7-4443-B698-7E9FF42F4FA3}" = Corel Home Office
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F626688A-B307-2D16-DDCE-F24633F848F2}" = Catalyst Control Center InstallProxy
"{F75A2405-6EF2-8651-3C36-FEA98F6681ED}" = CCC Help German
"{F7E55D3B-D675-4511-6B36-2766DC819432}" = CCC Help Chinese Traditional
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC023480-A05B-ED84-877F-547EA3CD3DCB}" = CCC Help Finnish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Drive Encryption" = Drive Encryption for HP ProtectTools
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Inkscape" = Inkscape 0.48.1
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IrfanView" = IrfanView (remove only)
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDF Complete" = PDF Complete Special Edition
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Sweet Home 3D_is1" = Sweet Home 3D version 3.4
"SymSilent" = SymSilent
"tigo-IT ReNo 2007 Add-In_is1" = ReNo Freeware 2007 Add-In
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.08.2012 06:00:58 | Computer Name = XXXXXXXXX | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 04.08.2012 06:00:58 | Computer Name = XXXXXXXXXX | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 04.08.2012 06:00:58 | Computer Name = XXXXXXXXX| Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 04.08.2012 07:20:34 | Computer Name = XXXXXXXX| Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4f981ba7 Name des fehlerhaften Moduls: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4f981ba7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000cecd ID des fehlerhaften
Prozesses: 0xc44 Startzeit der fehlerhaften Anwendung: 0x01cd722548482175 Pfad der
fehlerhaften Anwendung: C:\windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
C:\windows\SysWOW64\svchost.exe Berichtskennung: 67e6529f-de26-11e1-b23d-cc52af1dfe0d
Error - 04.08.2012 07:22:37 | Computer Name = xxxxxxxxxx | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 04.08.2012 07:22:37 | Computer Name = xxxxxxxxxx | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 04.08.2012 07:22:37 | Computer Name = xxxxxxxxxx | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 04.08.2012 08:22:11 | Computer Name = xxxxxxxxxx | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 04.08.2012 08:22:12 | Computer Name = xxxxxxxxxx | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 04.08.2012 08:22:12 | Computer Name = xxxxxxxxxx | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
[ Hewlett-Packard Events ]
Error - 23.06.2011 11:34:44 | Computer Name = xxxxxxxxxx | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HP.ActiveSupportLibrary
bei HP.ActiveSupportLibrary.Issues.HPSFSession.?()
Error - 10.07.2011 15:10:22 | Computer Name = xxxxxxxxxx | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071110091014.xml
File not created by asset agent
Error - 14.07.2011 03:52:52 | Computer Name = xxxxxxxxxx | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071114095250.xml
File not created by asset agent
Error - 28.07.2011 11:20:43 | Computer Name = xxxxxxxxxx | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071128052041.xml
File not created by asset agent
Error - 28.07.2011 11:23:13 | Computer Name = xxxxxxxxxx | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HP.ActiveSupportLibrary
bei HP.ActiveSupportLibrary.Issues.HPSFSession.?()
Error - 11.08.2011 11:16:18 | Computer Name = xxxxxxxxxx | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081111051609.xml
File not created by asset agent
Error - 24.08.2011 07:46:38 | Computer Name = xxxxxxxxxx | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081124014628.xml
File not created by asset agent
Error - 25.08.2011 11:51:40 | Computer Name = xxxxxxxxxx | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081125055137.xml
File not created by asset agent
Error - 13.10.2011 15:48:49 | Computer Name = xxxxxxxxxx | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Das Objekt "/e6950134_90d6_47bc_9335_f11629abecfe/8qyukltesbqnj_guclgioy08_5.rem"
wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3951 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)
Error - 05.02.2012 02:54:08 | Computer Name = xxxxxxxxxx | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type
type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 3951 Ram
Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
[ HP Power Assistant Events ]
Error - 21.12.2011 02:38:33 | Computer Name = xxxxxxxxxx | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.
Error - 21.12.2011 02:38:37 | Computer Name = xxxxxxxxxx | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).
Error - 21.12.2011 02:38:37 | Computer Name = xxxxxxxxxx | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
(planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4). bei HPPA_Main.DatFileAccess.LogError(Nullable`1
throwException, String formatString, Object[] args) bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
pu) bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)
bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
Error - 22.12.2011 02:16:38 | Computer Name = xxxxxxxxxx | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.
Error - 22.12.2011 02:16:42 | Computer Name = XXXXX | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).
Error - 22.12.2011 02:16:42 | Computer Name = xxxxxxxxxx | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
(planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4). bei HPPA_Main.DatFileAccess.LogError(Nullable`1
throwException, String formatString, Object[] args) bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
pu) bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)
bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
Error - 22.12.2011 09:57:35 | Computer Name = xxxxxxxxxx | Source = HP PA Service | ID = 0
Description = System.InvalidOperationException Fehler im XML-Dokument. bei System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader, String encodingStyle, XmlDeserializationEvents events) bei System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader) bei HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput& pmcData)
bei HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)
Error - 22.12.2011 09:57:35 | Computer Name = xxxxxxxxxx | Source = HP PA Service | ID = 0
Description = System.FormatException Die Zeichenfolge '2037-37-37T37:37:37' kein
gültiger AllXsd-Wert. bei System.Xml.Schema.XsdDateTime..ctor(String text, XsdDateTimeFlags
kinds) bei System.Xml.XmlConvert.ToDateTime(String s, XmlDateTimeSerializationMode
dateTimeOption) bei System.Xml.Serialization.XmlSerializationReader.ToDateTime(String
value) bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read96_GetPMCDataOutputOutputData(Boolean
isNullable, Boolean checkType) bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read97_GetPMCDataOutputOutput(Boolean
isNullable, Boolean checkType) bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read98_GetPMCDataOutput(Boolean
isNullable, Boolean checkType) bei Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read227_GetPMCDataOutput()
Error - 23.12.2011 02:08:32 | Computer Name = xxxxxxxxxx | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.
Error - 23.12.2011 02:08:38 | Computer Name = xxxxxxxxxx | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).
[ HP Wireless Assistant Events ]
Error - 27.03.2012 16:58:25 | Computer Name = xxxxxxxxxx | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 27.03.2012 16:58:25 | Computer Name = xxxxxxxxxx | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
[ System Events ]
Error - 04.08.2012 05:56:59 | Computer Name = xxxxxxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 04.08.2012 05:56:59 | Computer Name = xxxxxxxxxx | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 04.08.2012 07:16:22 | Computer Name = xxxxxxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 04.08.2012 07:16:22 | Computer Name = xxxxxxxxxx | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 04.08.2012 08:18:00 | Computer Name = xxxxxxxxxx | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 04.08.2012 08:18:01 | Computer Name = xxxxxxxxxx | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 04.08.2012 08:18:01 | Computer Name = xxxxxxxxxx | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 04.08.2012 08:18:01 | Computer Name = xxxxxxxxxx | Source = Service Control Manager | ID = 7003
Description = Der Dienst "SBSD Security Center Service" ist von folgendem Dienst
abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
Error - 04.08.2012 08:26:58 | Computer Name = xxxxxxxxxx | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 04.08.2012 08:26:58 | Computer Name = xxxxxxxxxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
< End of report >
Damit bin ich am Ende mit meinem Latein. Leider will sich immer noch eine exe-Datei Namens laxzyldodalp installieren, der ich genau das natürlich nicht erlauben will. Ablehnen geht nicht, das Fenster bleibt hartnäckig. Ich bin computertechnisch eine Null, wäre euch also wirklich dankbar, wenn ich von eurem Gehirnschmalz profitieren könnte. Von Fachbegriffen habe ich so gar keine Ahnung, redet bitte so, dass es ein Grundschüler versteht  .Wenn ihr Ideen oder gar Lösungen habt, die vermeiden, dass ich meinen Schleppi kurz und klein hacken muss, dann jetzt schon danke! Betty |
|
06.08.2012, 19:17
| #3 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Avira findet TR/ATRAPS.Gen2 - Und nun?Zitat:
__________________ |
|
06.08.2012, 19:45
| #4 |
| | Avira findet TR/ATRAPS.Gen2 - Und nun? Oh, ich hatte ja gar nicht mehr mit einer Antwort gerechnet. Ich habe in einem anderen Forum von diesem ominösen laxzyldodalp gelesen, und erinnerte, dass auch bei mir Avira erst mit den Meldungen anfing, nachdem mein Rechner ein Adobe Flash Update runtergeladen hatte. Und so habe ich alle Temp-Ordner mittels CCleaner gelöscht, danach meldete sich nochmals Avira, verschob das Ding in Quarantäte und danach sah und hörte ich nichts wieder davon. Verschiedenes drüberlaufen lassen, aber keine Meldungen mehr, hier im Anhang noch das Logfile von Malwarebytes. Ja, isser nun weg oder nich? Betty Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.06.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Computernutzer :: XXXXXXXXXX[Administrator] Schutz: Aktiviert 06.08.2012 20:21:40 mbam-log-2012-08-06 (20-21-40).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 196920 Laufzeit: 4 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
07.08.2012, 14:30
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira findet TR/ATRAPS.Gen2 - Und nun? Nach einem einfachen Quickscan nur mit Malwarebytes kann man den Status des Systems nun wirklich nicht beurteilen! Wenn dem doch so wäre, wäre das Board ja überflüssig, weil ja jeder alle seine Probleme mit 1x Quickscan mit Malwarebytes löst! Tja schön wärs   Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Avira findet TR/ATRAPS.Gen2 - Und nun? |
| 7-zip, adobe, antivir, autorun, avg, avira, bho, bingbar, document, error, explorer, failed, fehler, firefox, flash player, format, hacken, home, install.exe, logfile, microsoft office starter 2010, mozilla, officejet, plug-in, realtek, registry, remote control, rundll, safer networking, security, software, svchost.exe, trojaner, usb 2.0, viren |
Linear-Darstellung
