| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Polizei Trojaner - Bezahlen Sie mit UkashWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.11.2012, 21:01
| #1 |
 |  Polizei Trojaner - Bezahlen Sie mit Ukash Hallo zusammen! Nachdem ich mir den Polizei-Trojaner eingefangen habe, habe ich meinen Laptop im abgesichtern Modus hochgefahren und per USB-Stick nach euer Anleitung "Malewarebytes Anit-Maleware" den ersten Scan durchgeführt. Dann denn Laptop neu gestartet und auch im normalen Modus einen Scan laufen lassen: 1.SCAN mit Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.09.29.05 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus) Internet Explorer 9.0.8112.16421 mueller :: MÜLLER-HP [Administrator] Schutz: Deaktiviert 11.11.2012 18:26:42 mbam-log-2012-11-11 (18-26-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 196695 Laufzeit: 2 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\mueller\0.47107507873467436.exe (Exploit.Drop.UR.2) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 2.SCAN mit Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.11.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 mueller :: MÜLLER-HP [Administrator] Schutz: Aktiviert 11.11.2012 18:35:32 mbam-log-2012-11-11 (18-35-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 395954 Laufzeit: 1 Stunde(n), 14 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Weiter gem. der Anleitung "an alle Hilfesuchenden" hier die Protokolle der Reihe nach: DEFOGGER: defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:00 on 11/11/2012 (mueller) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11/11/2012 8:02:57 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mueller\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7.86 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 75.17% Memory free 15.73 Gb Paging File | 13.45 Gb Available in Paging File | 85.55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448.46 Gb Total Space | 316.16 Gb Free Space | 70.50% Space Free | Partition Type: NTFS Drive E: | 1.99 Gb Total Space | 1.49 Gb Free Space | 74.88% Space Free | Partition Type: FAT32 Computer Name: MÜLLER-HP | User Name: mueller | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/11 20:01:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mueller\Desktop\OTL.exe PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/08/11 15:40:05 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/01 23:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011/05/23 15:19:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2011/05/23 15:19:30 | 000,274,944 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe PRC - [2011/01/25 16:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/07/12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010/07/06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009/12/03 00:01:36 | 000,082,760 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe PRC - [2009/11/21 04:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009/11/20 13:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe PRC - [2009/11/20 12:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe PRC - [2009/11/20 12:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe PRC - [2009/11/20 12:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe PRC - [2009/11/19 10:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe PRC - [2009/11/19 08:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe PRC - [2009/11/19 08:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe PRC - [2009/11/11 22:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009/11/04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/11/04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/08/25 17:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009/08/25 17:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2012/06/16 23:06:42 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll MOD - [2012/06/16 23:06:41 | 010,580,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll MOD - [2012/06/16 23:06:13 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/16 23:06:07 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/06/16 23:06:01 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012/05/13 19:10:00 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012/05/13 19:09:51 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012/05/13 18:52:23 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/13 18:52:22 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012/05/13 18:52:22 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012/05/13 18:51:58 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll MOD - [2012/05/13 18:51:50 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/13 18:51:48 | 000,680,448 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll MOD - [2012/05/13 18:51:46 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/13 18:51:44 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/13 18:51:43 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/13 18:51:39 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/05/23 15:19:16 | 000,381,440 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009/07/24 11:10:56 | 008,024,064 | R--- | M] () -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll MOD - [2009/07/24 11:10:28 | 002,199,552 | R--- | M] () -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2008/01/09 10:10:42 | 000,159,744 | R--- | M] () -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll MOD - [2008/01/09 10:10:00 | 000,167,936 | R--- | M] () -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\IceSSL32.dll MOD - [2008/01/09 10:08:00 | 001,245,184 | R--- | M] () -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll MOD - [2008/01/09 10:06:54 | 000,065,536 | R--- | M] () -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll ========== Services (SafeList) ========== SRV:64bit: - [2011/03/14 19:20:54 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2010/01/29 05:15:24 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/12/08 06:14:26 | 006,810,728 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service) SRV:64bit: - [2009/11/19 23:14:32 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2009/11/19 23:11:24 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2009/10/21 16:49:06 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2009/08/03 21:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/07/08 21:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe -- (AESTFilters) SRV - [2012/10/09 21:32:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/01 23:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/05/23 15:19:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2011/01/25 16:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/07/06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/29 05:15:24 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe -- (STacSV) SRV - [2009/12/03 00:01:36 | 000,082,760 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe -- (SMManager) SRV - [2009/11/20 13:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe -- (Hp.Skyroom.Windows.Service) SRV - [2009/11/19 08:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender) SRV - [2009/11/04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/11/04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/10/21 16:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2009/08/25 17:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/05/02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/04/27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/04/24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/20 15:38:48 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:64bit: - [2011/05/20 15:38:48 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2011/05/20 15:38:48 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:64bit: - [2011/05/20 15:38:46 | 000,213,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:64bit: - [2011/05/20 15:38:40 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:64bit: - [2011/05/20 15:38:34 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/06/04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/03/30 14:27:30 | 000,069,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2010/03/23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2010/01/29 05:15:24 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/01/28 16:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/01/13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009/12/18 14:23:46 | 001,798,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009/11/21 04:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009/11/21 04:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/11/06 01:36:26 | 000,293,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2009/10/29 01:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2009/10/26 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/09/29 00:46:00 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/08/07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/08/03 21:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/07/20 23:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/07/08 21:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2009/07/08 21:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2009/06/26 01:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009/06/26 00:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009/06/26 00:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D0B163A0-6560-4906-B811-05AF8E65B0EF} IE:64bit: - HKLM\..\SearchScopes\{D0B163A0-6560-4906-B811-05AF8E65B0EF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} IE - HKLM\..\SearchScopes\{D0B163A0-6560-4906-B811-05AF8E65B0EF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\..\SearchScopes,DefaultScope = {90827A80-9278-4E9C-AFC5-95EC037961C5} IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{90827A80-9278-4E9C-AFC5-95EC037961C5}: "URL" = hxxp://www.google.at/#hl=de&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=62fc775a8c518bfe IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2010/12/13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [HP Connection Manager.exe] File not found O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone) O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [ceowdtuxgwyesrk] C:\windows\ceowdtux.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.202.138.3 195.202.128.3 62.40.128.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0325EF76-5563-483E-A1AB-D29D0BC2A6E2}: NameServer = 213.249.17.11 213.249.39.29 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{285B8155-5356-4642-A2C1-A53589B80874}: DhcpNameServer = 195.202.138.3 195.202.128.3 62.40.128.2 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{168f1fe9-c46c-11e1-95e6-70f3955b7103}\Shell - "" = AutoRun O33 - MountPoints2\{168f1fe9-c46c-11e1-95e6-70f3955b7103}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{168f1ff2-c46c-11e1-95e6-70f3955b7103}\Shell - "" = AutoRun O33 - MountPoints2\{168f1ff2-c46c-11e1-95e6-70f3955b7103}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/11 20:01:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mueller\Desktop\OTL.exe [2012/11/11 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\mueller\AppData\Roaming\Malwarebytes [2012/11/11 18:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/11 18:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/11 18:25:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/11/11 18:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/11 18:24:33 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\mueller\Desktop\mbam-setup-1.65.1.1000.exe [2012/11/06 21:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ftmorkcrghfxfnb ========== Files - Modified Within 30 Days ========== [2012/11/11 20:01:25 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/11 20:01:25 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/11 20:01:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mueller\Desktop\OTL.exe [2012/11/11 20:00:45 | 000,000,000 | ---- | M] () -- C:\Users\mueller\defogger_reenable [2012/11/11 19:58:36 | 001,507,340 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/11/11 19:58:36 | 000,657,900 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/11/11 19:58:36 | 000,619,146 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/11/11 19:58:36 | 000,131,258 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/11/11 19:58:36 | 000,107,466 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/11/11 19:58:33 | 000,050,477 | ---- | M] () -- C:\Users\mueller\Desktop\Defogger.exe [2012/11/11 19:53:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/11/11 19:53:33 | 2038,423,551 | -HS- | M] () -- C:\hiberfil.sys [2012/11/11 19:32:05 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/11/11 18:34:17 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/11/11 18:25:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/11/11 17:47:02 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\mueller\Desktop\mbam-setup-1.65.1.1000.exe [2012/11/06 21:12:57 | 000,074,141 | ---- | M] () -- C:\ProgramData\ejmjyteeeyscqex [2012/11/06 21:01:41 | 000,002,012 | -H-- | M] () -- C:\Users\mueller\Documents\Default.rdp [2012/11/06 20:03:01 | 000,000,340 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFormueller.job ========== Files Created - No Company Name ========== [2012/11/11 20:00:45 | 000,000,000 | ---- | C] () -- C:\Users\mueller\defogger_reenable [2012/11/11 19:58:33 | 000,050,477 | ---- | C] () -- C:\Users\mueller\Desktop\Defogger.exe [2012/11/11 18:25:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/11/06 21:12:27 | 000,074,141 | ---- | C] () -- C:\ProgramData\ejmjyteeeyscqex [2012/11/05 20:37:51 | 000,000,340 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleFormueller.job [2011/07/14 21:35:02 | 000,690,009 | ---- | C] () -- C:\windows\unins000.exe [2011/07/14 21:35:02 | 000,020,276 | ---- | C] () -- C:\windows\unins000.dat [2011/05/20 15:11:30 | 000,230,004 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2011/05/01 13:25:25 | 000,000,060 | ---- | C] () -- C:\Users\mueller\AppData\Roaming\AVSDVDPlayer.m3u [2011/05/01 13:18:53 | 000,524,288 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll [2011/05/01 13:18:53 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll [2011/04/25 18:08:28 | 000,001,854 | ---- | C] () -- C:\Users\mueller\AppData\Roaming\GhostObjGAFix.xml ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010/07/25 21:34:39 | 000,000,000 | ---D | M] -- C:\Users\mueller\AppData\Roaming\Alt-N [2011/03/14 19:24:29 | 000,000,000 | ---D | M] -- C:\Users\mueller\AppData\Roaming\Autodesk [2010/07/22 17:56:02 | 000,000,000 | ---D | M] -- C:\Users\mueller\AppData\Roaming\TeamViewer [2012/07/02 18:57:37 | 000,000,000 | ---D | M] -- C:\Users\mueller\AppData\Roaming\Vodafone ========== Purity Check ========== < End of report > EXTRAS:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11/11/2012 8:02:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mueller\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
7.86 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 75.17% Memory free
15.73 Gb Paging File | 13.45 Gb Available in Paging File | 85.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.46 Gb Total Space | 316.16 Gb Free Space | 70.50% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.49 Gb Free Space | 74.88% Space Free | Partition Type: FAT32
Computer Name: MÜLLER-HP | User Name: mueller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DD9C6B9-5D6E-4723-8973-35DE7D6D152B}" = lport=138 | protocol=17 | dir=in | app=system |
"{25957720-FA1A-4EA2-84F5-4CE8FB9161D0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{370C691A-8A78-451F-8404-2DCD58B0A434}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BFFBE63-974E-4120-A744-AF4504867321}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D2AEC14-8680-41B5-84F1-431D494BBF17}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E3C6513-B595-4AF6-BFD6-3F8D5C64859C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{513C872A-8808-4983-B6F9-64F0E5713513}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe |
"{626DD711-5D6D-4B7A-853B-DCC86FF8AE17}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6C312609-22A1-4E03-AB33-FEC3A9E45EEE}" = lport=445 | protocol=6 | dir=in | app=system |
"{775370F4-CC57-453A-AAA7-BA798D98D86B}" = rport=445 | protocol=6 | dir=out | app=system |
"{7F5D1F00-87C6-48E9-A8D5-8E0FF58F9A95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C429041-26CB-4AAF-8FB9-E5527A20130F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{8F3CED01-B08C-4A1B-852D-582A6A9CD84B}" = lport=137 | protocol=17 | dir=in | app=system |
"{9028392C-1652-4D73-B95C-CA96933C2B5A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9623D8E0-BD36-43B6-8055-6BAF0BC6724C}" = lport=445 | protocol=6 | dir=in | app=system |
"{A28C43B9-932A-4516-B0C4-6C33EB07267C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A95AB7F8-1C97-49B8-A917-980E1AC6C9F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0D6CA56-EC7D-41AE-804F-E1B7CCBC5588}" = rport=137 | protocol=17 | dir=out | app=system |
"{B2BD53BE-62C6-45CA-BCA5-7859EDD7DC37}" = rport=138 | protocol=17 | dir=out | app=system |
"{B3F489E9-39DE-402F-8F1E-B7A1427464D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C092F035-5FC9-4E54-91AE-2C415D0C5E78}" = lport=139 | protocol=6 | dir=in | app=system |
"{C2EEAD87-8D3B-4AF6-95FF-5D3516A5A09B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D760863E-43D3-458B-B90E-5EBA55CB6D7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1DB114D-20C9-449D-9CA9-D78E7EBA7A91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F501E438-2F8C-40EB-8816-040C2B70F4F7}" = lport=445 | protocol=6 | dir=in | app=system |
"{FCA353FF-5264-426C-BCB6-B33D06C67763}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FE4CBF05-2722-423A-A46A-04EEC1BAD52F}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081F20A0-9A58-47F0-B9A0-BC1C76BB4EFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0F23C0CA-7112-4E39-B549-22B0CD8407F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{19AA34DE-51B5-4AF8-925D-8A436E7F7E70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1CCDF62D-B371-4857-B4D1-ED384A3622CB}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp skyroom\remote graphics receiver\rgreceiver.exe |
"{227BCFAC-0605-4DD2-A18F-2E5B4F5D77AC}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp skyroom\remote graphics sender\rgsender.exe |
"{2731EE1A-0395-4975-885D-323BD1CC847E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27F17AAC-7E94-4F47-B542-B338B0D6DA55}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp skyroom\remote graphics sender\rgsender_gui.exe |
"{2C616229-74D7-487A-B2D9-2C8DC9D9CC51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B02FEF7-1240-457E-9C08-CF1FF6E54883}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3BB514CF-BCBF-4FAD-A3C7-B723A69EBB9D}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp skyroom\remote graphics sender\rgsender.exe |
"{4A5AC74E-4631-4F4B-8612-26140EE35A5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FCB6384-5F77-409F-8D53-964E9648D581}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{62F90ABF-A8A8-47A4-BC73-82237C25AA26}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{6CD48DA8-B751-4050-83F3-AC6AB23BEB36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{740D3A0A-B6C9-4372-B395-2A94A66759DA}" = protocol=6 | dir=out | app=system |
"{75F8A5A4-7F7C-42A2-A103-1EA069697907}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E840098-A28D-4B0E-9D36-4D1F497AA027}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp skyroom\hp.skyroom.exe |
"{8E5746EA-9CE3-4533-945F-074571808158}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AA1BFF0-FFC4-437F-AE0B-0D187352331E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1CDC2AB-B7C6-4869-B245-C7730CCD1619}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A56A7C38-F10A-4AE1-934A-BF27C0F74BB8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABE89E4A-4F47-429F-A0CC-84CE29E74975}" = dir=in | name=büronetzwerk |
"{AE37CB6F-B44F-4DF7-BEC3-F80B42D0357B}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp skyroom\hp.skyroom.exe |
"{BDA98BD2-F6B2-47C8-9593-70F441636DC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE726C39-D50F-45F8-BA41-9CF671BADF15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C908FF04-89BF-41B3-BD74-6B3231CE1DC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB816BAF-C5D7-447F-B183-736DB372506D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{F2AD8FCF-A9CA-4C7C-ADA4-64EBD20CF6AA}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp skyroom\remote graphics sender\rgsender_gui.exe |
"{F83CE1AE-2AB9-42EB-8503-1A167317E0B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAEAB042-8ADE-4B73-B320-9139ABC2B924}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp skyroom\remote graphics receiver\rgreceiver.exe |
"TCP Query User{041B329B-D7A2-4817-BA91-8B693A5ADF54}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{F48E8711-D273-4EBF-86AB-8454F25D11AA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{9BBCF9D4-2E7B-44A5-B80D-A2B1F85EDCFD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{A100CD29-865E-4627-A7FC-8E8700CA1A83}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{518C838E-A21C-40BE-B844-648040C2491D}" = HP Wireless Assistant
"{5783F2D7-9009-0407-0102-0060B0CE6BBA}" = AutoCAD LT 2011 - Deutsch
"{5783F2D7-9009-0407-1102-0060B0CE6BBA}" = AutoCAD LT 2011 Language Pack - Deutsch
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{938C9D51-4233-4DCE-A650-96918ACDBF3E}" = HP Power Data
"{BD7AB0B9-4491-4642-B6BB-2560648A0A22}" = HP Power Assistant
"{BE9ED4AF-949C-4B95-B2FD-0A2F228A7689}" = Validity Fingerprint Driver
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"8E964A7CBB473FE04D90104D1377B59E9C7C2A3D" = Windows-Treiberpaket - FTDI USB Device Driver Package (03/30/2010 2.06.02)
"AutoCAD LT 2011 - Deutsch" = AutoCAD LT 2011 - Deutsch
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{17DA6412-EC90-42D1-A9A4-661416750025}" = HP SkyRoom
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206E1EEB-027A-4FC0-B4ED-6E48203BD49A}" = HP ESU for Microsoft Windows 7
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}" = Remote Graphics Sender
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE201CD-5A61-4749-9EEC-28CE86E9EE90}" = Remote Graphics Receiver
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{58215966-9BA6-485D-B8DA-4AE31150B92E}" = HP Common Access Service Library
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5D205683-5AC7-4BBA-B45F-EC31DF297643}" = HP User Guides 0159
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78552E1C-84B9-41AE-9764-67CB874ABB0F}" = HP QuickLook
"{7861911B-4270-498A-8F7A-FCF0570F484B}" = HP QuickWeb
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{883FDE02-EBF8-4D59-87FB-5FF410A35A6C}" = Remote Graphics Sender
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E40415F9-FF9F-4EDA-993D-C137D1C8D90E}" = HP Connection Manager
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"Driver FTDI (1.00.020)" = Driver FTDI (1.00.020)
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"facemoods" = facemoods
"InstallShield_{17DA6412-EC90-42D1-A9A4-661416750025}" = HP SkyRoom
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Outlook Connector for MDaemon Plug-in" = Outlook Connector for MDaemon Plug-in
"TeamViewer 5" = TeamViewer 5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xconsole_is1" = Xconsole 3.80
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/13/2012 4:11:10 PM | Computer Name = Müller-HP | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 10/13/2012 6:01:08 PM | Computer Name = Müller-HP | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 10/14/2012 12:57:42 PM | Computer Name = Müller-HP | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 10/17/2012 1:49:15 PM | Computer Name = Müller-HP | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 10/20/2012 6:01:50 PM | Computer Name = Müller-HP | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 10/20/2012 6:33:06 PM | Computer Name = Müller-HP | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.
Error - 10/21/2012 3:16:13 PM | Computer Name = Müller-HP | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 10/24/2012 2:47:44 PM | Computer Name = Müller-HP | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 10/25/2012 4:39:15 PM | Computer Name = Müller-HP | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
Error - 10/26/2012 7:09:01 AM | Computer Name = Müller-HP | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
[ Hewlett-Packard Events ]
Error - 6/23/2011 4:03:27 AM | Computer Name = Müller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061123100325.xml
File not created by asset agent
Error - 7/4/2011 12:05:11 PM | Computer Name = Müller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071104060508.xml
File not created by asset agent
Error - 9/22/2011 2:46:59 PM | Computer Name = Müller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091122084656.xml
File not created by asset agent
Error - 10/12/2011 1:14:28 PM | Computer Name = Müller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101112071410.xml
File not created by asset agent
Error - 11/29/2011 3:53:21 PM | Computer Name = Müller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111129085317.xml
File not created by asset agent
Error - 12/19/2011 4:49:51 PM | Computer Name = Müller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121119094948.xml
File not created by asset agent
Error - 2/6/2012 5:28:45 PM | Computer Name = Müller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021206102841.xml
File not created by asset agent
Error - 2/27/2012 3:26:15 PM | Computer Name = Müller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021227082613.xml
File not created by asset agent
Error - 4/10/2012 3:25:30 PM | Computer Name = Müller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041210092527.xml
File not created by asset agent
Error - 8/27/2012 2:16:10 PM | Computer Name = Müller-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081227081608.xml
File not created by asset agent
[ HP Power Assistant Events ]
Error - 5/3/2012 4:20:59 PM | Computer Name = Müller-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.
Error - 5/3/2012 4:21:00 PM | Computer Name = Müller-HP | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
Error - 5/3/2012 4:21:00 PM | Computer Name = Müller-HP | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from
the power usage node (planName=HP powerSource=AC). bei HPPA_Main.DatFileAccess.LogError(Nullable`1
throwException, String formatString, Object[] args) bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
pu) bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)
bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
Error - 5/5/2012 12:37:26 PM | Computer Name = Müller-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.
Error - 5/5/2012 12:37:28 PM | Computer Name = Müller-HP | Source = HP PA Application | ID = 0
Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC).
Error - 5/5/2012 12:37:28 PM | Computer Name = Müller-HP | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from
the power usage node (planName=HP powerSource=AC). bei HPPA_Main.DatFileAccess.LogError(Nullable`1
throwException, String formatString, Object[] args) bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
pu) bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)
bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
Error - 5/5/2012 6:01:44 PM | Computer Name = Müller-HP | Source = HP PA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 5/5/2012 6:01:44 PM | Computer Name = Müller-HP | Source = HP PA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 5/5/2012 6:01:44 PM | Computer Name = Müller-HP | Source = HP PA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 5/5/2012 6:01:48 PM | Computer Name = Müller-HP | Source = HP PA Application | ID = 0
Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not
found in the dat file.
[ HP Wireless Assistant Events ]
Error - 10/28/2012 3:32:58 PM | Computer Name = Müller-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 10/28/2012 3:32:58 PM | Computer Name = Müller-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/3/2012 7:01:32 PM | Computer Name = Müller-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/3/2012 7:01:33 PM | Computer Name = Müller-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/4/2012 9:05:16 AM | Computer Name = Müller-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/4/2012 9:05:16 AM | Computer Name = Müller-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/4/2012 2:03:54 PM | Computer Name = Müller-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/4/2012 2:17:23 PM | Computer Name = Müller-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/10/2012 7:02:12 PM | Computer Name = Müller-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
Error - 11/10/2012 7:02:12 PM | Computer Name = Müller-HP | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
[ System Events ]
Error - 11/11/2012 12:52:15 PM | Computer Name = Müller-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11/11/2012 1:24:06 PM | Computer Name = Müller-HP | Source = DCOM | ID = 10005
Description =
Error - 11/11/2012 1:24:06 PM | Computer Name = Müller-HP | Source = DCOM | ID = 10005
Description =
Error - 11/11/2012 1:24:06 PM | Computer Name = Müller-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11/11/2012 1:32:13 PM | Computer Name = Müller-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimspci" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 11/11/2012 1:32:13 PM | Computer Name = Müller-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "risdpcie" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 11/11/2012 1:32:13 PM | Computer Name = Müller-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rixdpcie" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 11/11/2012 2:53:52 PM | Computer Name = Müller-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimspci" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 11/11/2012 2:53:52 PM | Computer Name = Müller-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "risdpcie" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 11/11/2012 2:53:52 PM | Computer Name = Müller-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rixdpcie" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
< End of report >
GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-11 20:44:22
Windows 6.1.7601 Service Pack 1
Running: dkte1j6j.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955b7103
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955b7103@782eefe8b72b 0xE5 0xA1 0x96 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955b7103 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955b7103@782eefe8b72b 0xE5 0xA1 0x96 0xA7 ...
---- EOF - GMER 1.0.15 ----
der Vollständigkeit halber meine Systemdaten: Betriebssystemname Microsoft Windows 7 Professional Version 6.1.7601 Service Pack 1 Build 7601 Zusätzliche Betriebssystembeschreibung Nicht verfügbar Betriebssystemhersteller Microsoft Corporation Systemname MÜLLER-HP Systemhersteller Hewlett-Packard Systemmodell HP EliteBook 8540w Systemtyp x64-basierter PC Prozessor Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2667 MHz, 2 Kern(e), 4 logische(r) Prozessor(en) BIOS-Version/-Datum Hewlett-Packard 68CVD Ver. F.08, 28.04.2010 SMBIOS-Version 2.6 Windows-Verzeichnis C:\windows Systemverzeichnis C:\windows\system32 Startgerät \Device\HarddiskVolume1 Gebietsschema Österreich Hardwareabstraktionsebene Version = "6.1.7601.17514" Benutzername Müller-HP\mueller Zeitzone Mitteleuropäische Zeit Installierter physikalischer Speicher (RAM) 8,00 GB Gesamter realer Speicher 7,86 GB Verfügbarer realer Speicher 5,80 GB Gesamter virtueller Speicher 15,7 GB Verfügbarer virtueller Speicher 13,4 GB Größe der Auslagerungsdatei 7,86 GB Auslagerungsdatei C:\pagefile.sys Wie kann ich weiter vorgehen? Schon mal vielen Dank für eure Hife! Grüße Simon |
| Themen zu Polizei Trojaner - Bezahlen Sie mit Ukash |
| administrator, adobe, antivir, avg, avira, avira searchfree toolbar, bho, cpu, defender, device driver, error, explorer, fehler, firefox, flash player, format, install.exe, jdownloader, launch, logfile, object, performance, plug-in, registry, richtlinie, rundll, scan, services.exe, software, svchost.exe, trojaner, udp, usb 3.0 |
Baum-Darstellung