Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Suisa 2.03 Virus durch Windowszurücksetzung entfernt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.08.2012, 03:13   #1
JohnAntohny
 
Suisa 2.03 Virus durch Windowszurücksetzung entfernt? - Standard

Suisa 2.03 Virus durch Windowszurücksetzung entfernt?



Guten Morgen zusammen,

Ich habe heute auf Movie2k.to mir einen Suisa 2.03 Virus eingefangen.

Danach habe ich die W-Lan Verbindung ausgeschaltet und meinen Laptop neugestartet. Ich konnte wieder auf meinen Laptop zugreifen und habe eine Windowszurücksetzung auf ein früheres Datum vorgenommen.

Jetzt kann ich zwar wieder problemlos meinen Laptop benützen, bin aber nicht sicher, ob ich den Virus entfernt habe?

Vielen Dank für Ihre Hilfe

Alt 28.08.2012, 14:00   #2
t'john
/// Helfer-Team
 
Suisa 2.03 Virus durch Windowszurücksetzung entfernt? - Standard

Suisa 2.03 Virus durch Windowszurücksetzung entfernt?





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.


Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 02.09.2012, 01:30   #3
JohnAntohny
 
Suisa 2.03 Virus durch Windowszurücksetzung entfernt? - Standard

Suisa 2.03 Virus durch Windowszurücksetzung entfernt?



OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.09.2012 01:52:24 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 53,49% Memory free
7,60 Gb Paging File | 5,01 Gb Available in Paging File | 65,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278,34 Gb Total Space | 194,50 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
Drive D: | 19,46 Gb Total Space | 2,82 Gb Free Space | 14,50% Space Free | Partition Type: NTFS
 
Computer Name: ***-HP | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041CB177-2408-4679-8A35-28DABE4A316E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{07D69042-00FC-4E76-B106-49B36B57A49A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{26E3199C-A63E-47EF-B3A5-5C802CA5FE43}" = rport=137 | protocol=17 | dir=out | app=system | 
"{27B80568-F24A-4BEC-91BD-0887D01412AD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{47023330-6416-46A9-9A37-5F7971037755}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{47254B7B-8BA9-4BAC-9C49-8225789A714A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5C391551-4AED-43C3-B6B3-71C405DD110D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5F24ACEF-DF31-4043-BA4A-47DDC9E21385}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6C25FD57-6B5A-49EA-B6F9-B7E9BB0FE2A5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E1AC3A6-3DAA-4A16-A028-6640D92ED445}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{76F1961E-4F9B-4F65-8E2B-6368FE9519D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8876B13B-4C60-40D7-92B2-CB6BC11220A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C028785-A502-49C8-813A-79BD339C2858}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{907016C1-F565-4534-8A94-7CF4803D75FC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{94669E2F-4B6B-4E16-B60D-E8C14F983E35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A48FA767-E56A-494B-8641-BE88FB08889C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B47F8DB7-91D4-4709-A3F6-77880DE46CC5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B830EC36-F0DD-4FD4-A722-58E69195DA49}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BCEDB2A8-A9CA-4881-98F7-4E27DBEA088F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BFFCC129-EDD1-49CD-B11E-C044CE8DA930}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C53DA105-422C-4B24-9682-04493037B1B1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D00771C2-E05C-45FE-BB15-EF8031E527F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DBE3944C-D3D8-4E6C-9AE1-6B109F39333D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E0AB17D6-7FFF-408F-BDA5-0251EC851098}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7026C96-9A6B-4BA6-88AB-E4541FCA40AB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EE3AAF8F-E618-419E-AC70-5C847329D7D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F298334F-56B3-4653-B35B-A88DCD2BD947}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088F2DD7-174D-4776-9E68-04D67081F2E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CBBD794-C66F-4E59-99D3-ED8A7C3BB63D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{11C8E0F4-E6A4-42AB-8315-5AD289ED204A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{12FBF6AE-9E90-4504-8FEA-8840BB16FF26}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{181A2CC4-3977-4293-B6E3-61BEA5045186}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{18E67048-036E-499B-A6A6-57078BE2B759}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1F3506BE-DBE5-4F79-8912-4EA4930D4BF5}" = protocol=6 | dir=out | app=system | 
"{2417D48B-D634-4EFA-9F5F-0497B561A20A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2E4232FA-576E-4C64-BABE-612522BF40BC}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{451CC8C4-E190-4399-BA91-5768D752C538}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{4725DC1E-E061-41E5-BADE-73FD86EDFA27}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5343A1EB-26B8-4DB2-91BC-4FE9BB3F616B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{54E006A2-FA2B-4898-8FC0-EEDB4F5DFC98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54FA3476-9A67-4A60-950B-B7A1183FDBAE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6EC7A1ED-E651-4D31-AB1A-65C81F8C4005}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{729BA995-170F-4B5A-B147-153A8C5BE0BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{75B32370-1E06-42E1-BB1C-B63931186960}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7752ED76-8216-4CE8-BB81-CF7215EE19C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7BB0C26F-B016-4A39-AE61-E2D7E2DF122F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85494165-71A2-4D9C-A3C2-84AFA96B03B0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{95CBA07D-5147-4A90-A720-B726B75CFDB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DB962E2-25E8-4BED-845A-E927E6213A4B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A5F6C209-92F7-450E-85CF-72AB852E01AB}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{A873DB2F-7584-405B-B4DF-9FAC5E18C549}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AEEF01A4-845D-4231-9E47-FE937C39B6A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B8E94695-21E5-4647-BA22-2A17AAD2FCF0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B9355150-6223-4A83-B465-C68F7430FD8D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{C0B8F5E6-F9DF-4701-AF02-3ABF542C88EF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C404E3DA-3E01-4DBA-989D-DB27EBC1D11B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C5D65272-F3EA-4364-BB2B-670C21EA7800}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{C753B6A2-C914-46A6-ACE2-A908E1616913}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CBA0D70B-13BE-474C-A54E-96214A5B93B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CC1B48AE-5757-4512-A0EF-FA4A7A9B033D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D79C088E-E457-4EE7-95C4-9127C5E351D8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{DF337F79-0EC9-44C6-BE33-D992B6C0E8E7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EE7F1CB7-BBD9-4863-A740-F453782C984F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{FF0A83EC-142C-485E-848B-CE95FEC12DCF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E342EC6B-5F25-47FE-B92C-DE616149B430}" = HP Wireless Assistant
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{62BD9D85-46D9-400E-95F1-A09B667CB57F}" = HP Software Framework
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B360E24A-BF25-4353-AA79-1B54F509024A}" = HP Documentation
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"{THEGUILDREN-0010-2010-300520102330}_is1" = The Guild 2 - Renaissance
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Cities XL 2011" = Cities XL 2011
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Virtual Technician" = McAfee Virtual Technician
"MSC" = McAfee AntiVirus Plus
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.08.2012 19:23:36 | Computer Name = ***-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7363
 
Error - 22.08.2012 10:08:46 | Computer Name = ***-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.08.2012 10:08:46 | Computer Name = ***-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53118278
 
Error - 22.08.2012 10:08:46 | Computer Name = ***-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53118278
 
Error - 22.08.2012 16:13:17 | Computer Name = ***-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.08.2012 16:13:17 | Computer Name = ***-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1186
 
Error - 22.08.2012 16:13:17 | Computer Name = ***-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1186
 
Error - 22.08.2012 16:46:48 | Computer Name = ***-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.08.2012 16:46:48 | Computer Name = ***-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1138
 
Error - 22.08.2012 16:46:48 | Computer Name = emre-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1138
 
[ Hewlett-Packard Events ]
Error - 07.07.2012 05:52:52 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = de-CH Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201207071152.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 18.07.2012 08:16:18 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071218021559.xml
 File not created by asset agent
 
Error - 18.07.2012 08:17:10 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = de-CH Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201207181417.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 25.07.2012 13:57:48 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = de-CH Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201207251957.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 13.08.2012 14:26:02 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = de-CH Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201208132026.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 15.08.2012 08:00:58 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081215020040.xml
 File not created by asset agent
 
Error - 15.08.2012 08:08:22 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = de-CH Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201208151408.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 22.08.2012 10:12:29 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = de-CH Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201208221612.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 27.08.2012 21:56:12 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081228035607.xml
 File not created by asset agent
 
Error - 27.08.2012 21:57:39 | Computer Name = ***-HP | Source = Hewlett-Packard | ID = 0
Description = de-CH Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201208280357.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
[ HP Wireless Assistant Events ]
Error - 18.04.2012 16:03:07 | Computer Name = ***-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 24.04.2012 07:04:17 | Computer Name = ***-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 24.04.2012 07:04:29 | Computer Name = ***-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 24.04.2012 07:04:31 | Computer Name = ***-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 24.04.2012 07:04:32 | Computer Name = ***-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 05.05.2012 09:50:53 | Computer Name = ***-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 05.05.2012 09:50:59 | Computer Name = ***-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 05.05.2012 09:51:06 | Computer Name = ***-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 05.05.2012 09:51:08 | Computer Name = ***-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 09.07.2012 13:42:37 | Computer Name = ***-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
 radios)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ System Events ]
Error - 27.08.2012 20:01:16 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst HPWMISVC erreicht.
 
Error - 27.08.2012 20:04:32 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Application Virtualization Client erreicht.
 
Error - 27.08.2012 20:04:32 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Virtualization Client" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 27.08.2012 20:04:32 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application
 Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%1053
 
Error - 27.08.2012 21:44:56 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows-Firewall" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%5.
 
Error - 27.08.2012 21:46:29 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 27.08.2012 22:36:03 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst RtVOsdService erreicht.
 
Error - 28.08.2012 08:36:06 | Computer Name = ***-HP | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
 
Error - 28.08.2012 09:45:17 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst RtVOsdService erreicht.
 
Error - 28.08.2012 09:45:17 | Computer Name = ***-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst HPWMISVC erreicht.
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.09.2012 01:52:24 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 53,49% Memory free
7,60 Gb Paging File | 5,01 Gb Available in Paging File | 65,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278,34 Gb Total Space | 194,50 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
Drive D: | 19,46 Gb Total Space | 2,82 Gb Free Space | 14,50% Space Free | Partition Type: NTFS
 
Computer Name: ***-HP | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\68eb2c96de3918a4757f5f768dc671c7\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (RtVOsdService) -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {571BF622-AE01-434F-8BEB-1741114BEBFC}
IE:64bit: - HKLM\..\SearchScopes\{0E6A28F3-520E-45E5-B935-D65211472E7A}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{571BF622-AE01-434F-8BEB-1741114BEBFC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{712E8CC8-2D38-4BB4-90C4-0BD67DFF37CA}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
IE - HKLM\..\SearchScopes,DefaultScope = {571BF622-AE01-434F-8BEB-1741114BEBFC}
IE - HKLM\..\SearchScopes\{0E6A28F3-520E-45E5-B935-D65211472E7A}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{571BF622-AE01-434F-8BEB-1741114BEBFC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{712E8CC8-2D38-4BB4-90C4-0BD67DFF37CA}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\..\SearchScopes,DefaultScope = {571BF622-AE01-434F-8BEB-1741114BEBFC}
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\..\SearchScopes\{0E6A28F3-520E-45E5-B935-D65211472E7A}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\..\SearchScopes\{571BF622-AE01-434F-8BEB-1741114BEBFC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcSearch?search={searchTerms}
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\..\SearchScopes\{712E8CC8-2D38-4BB4-90C4-0BD67DFF37CA}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\..\SearchScopes\{BEBE5196-5076-414B-A029-6EE75A575395}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.03.07 23:36:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.28 03:43:19 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\emre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\emre\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\emre\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Google Mail = C:\Users\emre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20110312134145.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110312134145.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4104705130-4085712077-1065846160-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B4C0657-BFB9-44EF-8EA3-53DC88072FD6}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{552b7ad4-48dd-11e0-bf5e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{552b7ad4-48dd-11e0-bf5e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.02 01:33:41 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.02 00:24:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{95DA8974-12E3-44FC-B59B-FFEA172300F6}
[2012.09.02 00:20:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4DFA23F6-2EE9-44B8-8014-BD501BF5EEE6}
[2012.08.31 14:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.08.31 14:26:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{518C2860-9D93-4388-A238-7FB90A73E5E8}
[2012.08.30 00:35:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1218FD10-4FF6-4F7E-889A-6B9CF4EFD8EF}
[2012.08.29 05:46:01 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.08.29 03:49:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3A08F09E-A1BB-4A11-836E-59E8909D0F1F}
[2012.08.28 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.28 21:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 21:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.28 21:25:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.28 21:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.28 15:47:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3E3106A3-69FA-46E9-9D15-2567D6B6C466}
[2012.08.28 14:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
[2012.08.28 14:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2012.08.28 05:15:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.28 05:15:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.28 05:15:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.28 05:15:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.28 05:15:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.28 05:15:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.28 05:15:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.28 05:15:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.28 05:15:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.28 05:15:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.28 05:15:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.28 05:15:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.28 05:15:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.28 03:55:47 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.28 03:55:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.28 03:55:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.28 03:55:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.28 03:55:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.28 03:55:17 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.28 03:55:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.28 03:55:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.08.28 03:55:06 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.28 03:46:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{28D981B1-C71D-4DD5-B4E6-C1472123E150}
[2012.08.28 03:14:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{74A7F5D3-30F5-475F-8B69-F546B11ED619}
[2012.08.27 15:19:08 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Berke Bewerbungen
[2012.08.27 15:13:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D1F5BB13-C74F-4284-B27D-961C3CF4C009}
[2012.08.25 13:43:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{26493404-E6A1-4A61-B6C6-4A87156965FA}
[2012.08.23 16:28:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{774757E6-761D-4BB1-820D-D507398AA294}
[2012.08.23 04:28:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2497AFA9-B2E2-408F-B274-7D1424A9106A}
[2012.08.22 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6EFAA5DC-7A64-4ECE-9780-B703C2E5F258}
[2012.08.21 15:39:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bewerbung
[2012.08.21 01:28:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F5EDC653-30D2-4AFD-88C0-2722281574F7}
[2012.08.20 13:02:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A2479536-EAFE-4987-884F-34A272291F33}
[2012.08.19 15:07:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9E6347A3-4276-4D82-9330-03513B411933}
[2012.08.18 18:46:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F5C8B6A9-4253-487A-904C-EFF3AAF442CE}
[2012.08.17 14:56:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4E423B93-EFE6-4B98-8935-A9795D258025}
[2012.08.17 14:56:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0746FA75-A27F-4E2B-A5B0-E0F7E73D0DBB}
[2012.08.17 03:51:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7AE0FCBA-9784-4AB5-AB06-CAADCDFB5F84}
[2012.08.16 12:34:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{712E7E50-379D-4FAF-92C1-47F45D30CC1D}
[2012.08.16 12:34:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{54A37CB9-718F-4B23-8932-626D0B9467AA}
[2012.08.16 12:33:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DBB243D8-86C8-40CE-B9A3-E9BD3A82DD5C}
[2012.08.16 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EEA07E38-0219-479E-9B01-2C78D2C60AD9}
[2012.08.15 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{04EE7510-386A-4F6D-B37A-6E36B1B686A6}
[2012.08.14 14:03:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B0DA5723-D8A0-4AD5-BA37-ABE02081627E}
[2012.08.14 14:03:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4100F77D-8B57-46FD-8E29-524F48B4B35E}
[2012.08.13 19:45:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AE36808E-7C9F-401F-AAB7-D117EA63CB4E}
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.02 01:35:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.02 01:33:55 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.02 01:08:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.02 00:31:45 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.02 00:21:05 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2012.08.31 14:33:06 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 14:33:06 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 14:27:23 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012.08.31 14:24:34 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 21:25:53 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.28 14:37:29 | 000,285,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.28 03:56:55 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.26 20:42:42 | 002,145,742 | ---- | M] () -- C:\Users\***\Desktop\image2012-08-22-091308.pdf
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.28 21:25:53 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.26 20:42:42 | 002,145,742 | ---- | C] () -- C:\Users\***\Desktop\image2012-08-22-091308.pdf
[2011.08.10 15:33:25 | 000,001,479 | ---- | C] () -- C:\Users\emre\.recently-used.xbel
[2011.03.13 15:58:04 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.20 22:19:26 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.10.20 22:19:26 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.10.20 22:16:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
 
========== LOP Check ==========
 
[2011.05.22 17:51:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 15:33:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.08.29 06:37:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.03.13 15:58:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.06.19 14:09:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2011.06.16 11:13:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.06.02 20:27:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs
[2012.08.28 14:57:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
[2012.05.05 15:48:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.02 00:21:05 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\vtscheduletask.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.07.07 12:13:36 | 000,000,000 | R--D | M](C:\Users\***\Desktop\5o ???t & G u???) -- C:\Users\***\Desktop\5o Сєиt & G uиіт
[2011.07.16 16:53:43 | 000,000,000 | R--D | C](C:\Users\***\Desktop\5o ???t & G u???) -- C:\Users\***\Desktop\5o Сєиt & G uиіт

< End of report >
         
--- --- ---
__________________

Alt 02.09.2012, 09:05   #4
t'john
/// Helfer-Team
 
Suisa 2.03 Virus durch Windowszurücksetzung entfernt? - Standard

Suisa 2.03 Virus durch Windowszurücksetzung entfernt?



Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)



Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 11.09.2012, 16:53   #5
JohnAntohny
 
Suisa 2.03 Virus durch Windowszurücksetzung entfernt? - Standard

Suisa 2.03 Virus durch Windowszurücksetzung entfernt?



Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.28.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ***-HP [Administrator]

Schutz: Aktiviert

28.08.2012 21:31:30
mbam-log-2012-08-28 (21-31-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441754
Laufzeit: 2 Stunde(n), 18 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Alt 12.09.2012, 08:30   #6
t'john
/// Helfer-Team
 
Suisa 2.03 Virus durch Windowszurücksetzung entfernt? - Standard

Suisa 2.03 Virus durch Windowszurücksetzung entfernt?



Schaue bitte in der Anleitung (http://www.trojaner-board.de/103809-...i-malware.html) nach, wo du die Logfiles finden kannst.
Poste das Logfile bitte.


danach:


Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
--> Suisa 2.03 Virus durch Windowszurücksetzung entfernt?

Alt 01.11.2012, 03:31   #7
t'john
/// Helfer-Team
 
Suisa 2.03 Virus durch Windowszurücksetzung entfernt? - Standard

Suisa 2.03 Virus durch Windowszurücksetzung entfernt?



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Suisa 2.03 Virus durch Windowszurücksetzung entfernt?
ausgeschaltet, datum, entfern, entfernt, entfernt?, guten, heute, konnte, laptop, morgen, movie, movie2k.to, nicht sicher, problemlos, suisa, verbindung, virus, virus entfernt, w-lan, zugreife, zugreifen, zusammen



Ähnliche Themen: Suisa 2.03 Virus durch Windowszurücksetzung entfernt?


  1. Suisa Virus sperrt Laptop bei Internetempfang
    Log-Analyse und Auswertung - 06.09.2012 (33)
  2. Bundespolizei Virus / Trojaner vom 11.8. wirklich durch Systemwiederherstellung entfernt?
    Log-Analyse und Auswertung - 22.08.2012 (19)
  3. Virus Suisa auf Windows XP
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (13)
  4. Suisa - Symptome bereits entfernt
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (10)
  5. Suisa Virus entfernen (Malwarebytes Log im Post)
    Log-Analyse und Auswertung - 12.07.2012 (8)
  6. Suisa Virus
    Log-Analyse und Auswertung - 06.07.2012 (9)
  7. SUISA Virus Windows XP Professional eingefahren
    Log-Analyse und Auswertung - 24.06.2012 (1)
  8. Suisa Virus
    Log-Analyse und Auswertung - 15.06.2012 (1)
  9. Blockierter PC durch Suisa Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (21)
  10. SUISA VIRUS Windows XP
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (8)
  11. Suisa Virus blockiert
    Plagegeister aller Art und deren Bekämpfung - 21.05.2012 (2)
  12. SUISA-Virus auf Windows Vista
    Log-Analyse und Auswertung - 15.05.2012 (10)
  13. suisa Virus
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (3)
  14. SUISA virus blockiert windows xp
    Plagegeister aller Art und deren Bekämpfung - 01.05.2012 (14)
  15. Suisa virus und reatogo-x-pe error
    Plagegeister aller Art und deren Bekämpfung - 20.04.2012 (7)
  16. Suisa-Virus legt PC lam
    Plagegeister aller Art und deren Bekämpfung - 18.04.2012 (5)
  17. Suisa Virus in Windows 7
    Plagegeister aller Art und deren Bekämpfung - 17.04.2012 (1)

Zum Thema Suisa 2.03 Virus durch Windowszurücksetzung entfernt? - Guten Morgen zusammen, Ich habe heute auf Movie2k.to mir einen Suisa 2.03 Virus eingefangen. Danach habe ich die W-Lan Verbindung ausgeschaltet und meinen Laptop neugestartet. Ich konnte wieder auf meinen - Suisa 2.03 Virus durch Windowszurücksetzung entfernt?...
Archiv
Du betrachtest: Suisa 2.03 Virus durch Windowszurücksetzung entfernt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.