Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Laptop-Absturz - Blue Screen -> Malware? (https://www.trojaner-board.de/134146-laptop-absturz-blue-screen-malware.html)

palomino165 26.04.2013 10:33

Laptop-Absturz - Blue Screen -> Malware?
 
Hallo zusammen,

nachdem ich in einem anderen Thread bereits ein Problem gelöst bekommen habe, muss ich nun erneut bei Euch um Hilfe ansuchen.

Mein Geschäftsrechner stürzt alle 2 Tage mit einem blue screen ab.
Ursache ist, so vermute ich, viren oder ähnliches.
Ich habe bei mir Snap.do gefunden und obwohl ich dieses versucht habe zu installieren, taucht es immer wieder auf.
Vielleicht habe ich dabei etwas übersehen.

Wärt Ihr so freundlich mir dabei zu helfen, meinen Rechner mit der richtigen Software zu checken?
Vielen Dank.

Hier mein OTL-Log:
Code:

OTL logfile created on: 26.04.2013 11:17:00 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\oehmenl\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.88 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 30.54% Memory free
7.77 Gb Paging File | 4.56 Gb Available in Paging File | 58.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96.07 Gb Total Space | 10.99 Gb Free Space | 11.44% Space Free | Partition Type: NTFS
Drive G: | 20.88 Gb Total Space | 3.22 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive T: | 1.99 Gb Total Space | 1.97 Gb Free Space | 99.34% Space Free | Partition Type: FAT32
 
Computer Name: NBCHLFL001008 | User Name: OehmenL | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.26 10:48:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oehmenl\Downloads\OTL.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\oehmenl\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.13 12:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.02.13 12:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 12:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.27 17:06:00 | 000,345,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2012.11.27 17:06:00 | 000,333,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mcafee\common framework\UdaterUI.exe
PRC - [2012.11.27 17:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2012.11.27 17:06:00 | 000,075,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2012.08.14 21:08:00 | 000,033,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2012.06.12 23:51:06 | 001,421,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2012.03.28 19:38:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.28 19:38:24 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.28 19:38:16 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.27 11:14:26 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.03.22 03:13:48 | 000,372,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2012.03.22 03:13:44 | 012,310,616 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2012.03.22 00:36:32 | 001,327,104 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2012.03.21 03:55:10 | 000,536,848 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2012.03.15 19:47:54 | 001,045,328 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2012.03.09 20:22:46 | 000,070,960 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2012.03.07 06:10:04 | 001,134,584 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2012.03.01 04:06:42 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.03.01 04:06:36 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.02.03 06:42:00 | 000,498,352 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2012.01.27 01:53:10 | 001,127,800 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2012.01.27 01:51:32 | 000,330,616 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2012.01.27 01:49:18 | 000,212,344 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2012.01.27 01:18:26 | 000,984,440 | ---- | M] (Infineon Technologies AG) -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
PRC - [2011.09.14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010.04.13 16:47:14 | 001,636,872 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
PRC - [2009.07.15 13:28:42 | 000,371,712 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.10.11 08:04:18 | 000,221,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll
MOD - [2012.10.11 08:04:10 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1a7c90bf70e6fef2970dd02ca5def39a\System.Runtime.Remoting.ni.dll
MOD - [2012.10.11 08:03:56 | 000,194,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\30bf8a41a7888e9056506091adbe05f2\CustomMarshalers.ni.dll
MOD - [2012.10.11 08:03:52 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012.10.10 15:46:54 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012.10.10 15:46:37 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012.10.10 15:46:26 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012.10.10 15:46:22 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012.10.10 15:46:20 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012.10.10 15:46:17 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll
MOD - [2012.10.10 15:46:15 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012.10.10 15:46:08 | 014,415,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012.07.30 10:24:35 | 000,489,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ab16b2721684612a1c9053401797082\IAStorUtil.ni.dll
MOD - [2012.07.30 10:24:35 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0ac5296285b1a74de78ded1c844cfb60\IAStorCommon.ni.dll
MOD - [2012.07.30 10:17:49 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.07.30 10:17:45 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.07.30 10:17:29 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.07.30 10:17:24 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.07.30 10:17:14 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.07.30 10:17:10 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.07.30 10:17:08 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.07.30 10:17:07 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.07.30 10:17:03 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.17 21:14:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.01.31 23:19:18 | 000,366,464 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.04 17:10:40 | 000,646,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV:64bit: - [2012.12.18 13:14:30 | 000,170,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.12.12 08:36:49 | 000,201,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.10.09 10:24:28 | 000,212,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.07.12 06:19:42 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012.04.26 23:56:00 | 000,033,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012.03.22 00:36:32 | 001,327,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2012.03.20 16:45:18 | 002,694,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2012.03.15 19:47:56 | 000,493,904 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2012.03.14 23:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2012.03.07 11:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012.03.05 17:04:18 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2012.02.02 03:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.05.13 15:08:50 | 000,120,184 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\Windows\SysNative\DNTUS26.EXE -- (DNTUS26)
SRV:64bit: - [2011.02.17 07:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.17 08:29:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.27 17:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.12 23:51:06 | 001,421,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2012.04.30 23:34:10 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.28 19:38:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.28 19:38:24 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.28 19:38:16 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.03.22 03:13:48 | 000,372,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2012.03.21 03:55:10 | 000,536,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe -- (RoxioBurnLauncher)
SRV - [2012.03.20 16:28:20 | 002,325,584 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2012.03.09 20:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012.03.07 10:18:30 | 001,118,480 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2012.03.07 06:10:04 | 001,134,584 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2012.03.01 04:06:36 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.02.03 06:42:00 | 000,498,352 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2012.01.31 23:19:14 | 000,477,056 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2012.01.27 01:53:10 | 001,127,800 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2012.01.27 01:49:18 | 000,212,344 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2012.01.27 01:18:26 | 000,984,440 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe -- (IFXTCS)
SRV - [2011.09.14 20:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011.09.10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.05.13 15:09:24 | 000,700,792 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs)
SRV - [2010.04.13 16:47:14 | 001,636,872 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe -- (USBMIDIAudioDevMon)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 03:09:46 | 000,052,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FireNfcp.sys -- (FireNfcp)
DRV:64bit: - [2013.02.04 17:12:00 | 000,197,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.12.18 13:14:30 | 000,673,624 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,496,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.12.18 13:14:30 | 000,305,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,282,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,169,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.12.18 13:14:30 | 000,076,224 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012.12.12 08:36:50 | 000,101,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.24 04:39:14 | 000,100,728 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NEOFLTR_720_21697.SYS -- (NEOFLTR_720_21697)
DRV:64bit: - [2012.07.12 06:19:42 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012.07.12 06:19:41 | 004,747,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.04.26 23:56:00 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.04.26 23:56:00 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.03.31 00:53:42 | 001,863,680 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012.03.27 11:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 11:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 11:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.27 07:09:56 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.22 01:08:46 | 000,093,640 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2012.03.22 01:08:20 | 000,158,792 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2012.03.09 05:55:26 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.08 12:01:00 | 000,058,000 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012.03.05 17:04:18 | 000,536,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.28 01:28:10 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012.02.28 01:28:08 | 000,026,200 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2012.02.22 22:54:08 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.02.03 06:42:00 | 000,042,816 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2012.02.02 05:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.02 05:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.02 05:07:18 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2012.02.02 05:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.02 05:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.02 05:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.02 05:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.02.02 03:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.01.31 20:59:30 | 000,064,312 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011.12.06 16:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.09 22:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.07.25 18:44:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.25 18:44:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.07.18 17:11:44 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.01.26 04:18:54 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 15:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://service.hydac.info/dana/home/index.cgi
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{90D07C84-E952-48C1-996F-93E434F50F7A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.5.5
FF - prefs.js..extensions.enabledAddons: {b8d51471-15f1-46cd-a600-448a6b103c2d}:1.8.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20130402
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.6
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.3.4
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012.07.12 06:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.19 09:40:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.04.18 07:47:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.16 20:12:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.30 10:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 09:51:03 | 000,000,000 | ---D | M]
 
[2013.04.02 17:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Extensions
[2013.04.02 17:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.04.19 08:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Firefox\Profiles\5rtlgijc.default\extensions
[2013.04.05 10:48:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\oehmenl\AppData\Roaming\mozilla\Firefox\Profiles\5rtlgijc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.19 08:17:42 | 000,050,424 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.12.20 10:18:30 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2013.04.18 10:10:42 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.20 10:18:30 | 000,210,799 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{b8d51471-15f1-46cd-a600-448a6b103c2d}.xpi
[2013.02.17 09:08:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.19 19:52:25 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\oehmenl\AppData\Roaming\mozilla\firefox\profiles\5rtlgijc.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.10.04 17:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.04 17:57:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Autumn = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\alibnodcalenogbpgdihbfccibcagloo\1.3_0\
CHR - Extension: Google Drive = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Google Mail = C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121212073722.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121212073722.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.EXE (DameWare Development)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\oehmenl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\oehmenl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://service.hydac.info/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ch-bi.hydac.int
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46D3EE14-F630-4CD4-B588-98EFC8F7F5AF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49CD0D40-4E06-4319-9963-7BE791112813}: DhcpNameServer = 10.165.8.27 10.165.10.13 129.42.10.39
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 10:48:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\oehmenl\Desktop\OTL.exe
[2013.04.26 10:42:40 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\Malwarebytes
[2013.04.26 10:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.26 10:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.26 10:42:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.04.26 10:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.19 08:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.15 07:36:07 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\Desktop\GSHY1 2013-04-08
[2013.04.02 10:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIR Music Technology
[2013.04.01 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\dvdcss
[2013.03.31 02:50:32 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Local\AIR Music Technology
[2013.03.31 02:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AIR Music Technology
[2013.03.31 02:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\AIR Music Technology
[2013.03.30 10:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\M-Audio
[2013.03.30 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\IDT
[2013.03.30 00:12:21 | 000,000,000 | ---D | C] -- C:\Users\oehmenl\AppData\Roaming\FLEXnet
[2013.03.29 22:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2013.03.29 22:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 11:21:27 | 002,302,976 | ---- | M] () -- C:\Users\oehmenl\Documents\LO kontakte.pst
[2013.04.26 11:17:02 | 000,031,312 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 11:17:02 | 000,031,312 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 11:14:48 | 001,621,242 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.04.26 11:14:48 | 000,700,408 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.04.26 11:14:48 | 000,655,090 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.04.26 11:14:48 | 000,149,190 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.04.26 11:14:48 | 000,121,962 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.04.26 11:10:27 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 11:09:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.04.26 11:09:48 | 4170,940,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 10:48:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oehmenl\Desktop\OTL.exe
[2013.04.26 10:47:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 10:42:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.26 09:57:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.04.25 07:08:56 | 000,000,340 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForoehmenl.job
[2013.04.24 08:33:07 | 000,004,804 | ---- | M] () -- C:\Users\oehmenl\Desktop\List of pump substitutes.pdf
[2013.04.23 08:12:43 | 000,107,544 | ---- | M] () -- C:\Users\oehmenl\Desktop\Preisliste 2013-04-23 PTC_VT_BIERI.pdf
[2013.04.22 10:34:27 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Ignite.lnk
[2013.04.15 10:07:18 | 000,296,609 | ---- | M] () -- C:\Users\oehmenl\Documents\Backup GT-I9300 Bieri_LO 2013-04-15.mpb
[2013.04.10 18:18:54 | 721,243,679 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.04.10 17:32:01 | 000,000,352 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForNBCHLFL001008$.job
[2013.04.05 08:35:41 | 000,147,949 | ---- | M] () -- C:\Users\oehmenl\Desktop\Incoterms_2010_chart.pdf
[2013.04.05 07:41:34 | 004,757,242 | ---- | M] () -- C:\Users\oehmenl\Desktop\Construction Applications of Bieri products201302.pdf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.04.04 03:09:46 | 000,052,584 | ---- | M] (McAfee, Inc.) -- C:\windows\SysNative\drivers\FireNfcp.sys
[2013.03.30 10:43:29 | 000,001,013 | ---- | M] () -- C:\Users\oehmenl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.30 10:43:24 | 000,000,985 | ---- | M] () -- C:\Users\oehmenl\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.26 10:42:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.24 08:33:07 | 000,004,804 | ---- | C] () -- C:\Users\oehmenl\Desktop\List of pump substitutes.pdf
[2013.04.23 08:12:39 | 000,107,544 | ---- | C] () -- C:\Users\oehmenl\Desktop\Preisliste 2013-04-23 PTC_VT_BIERI.pdf
[2013.04.15 10:07:04 | 000,296,609 | ---- | C] () -- C:\Users\oehmenl\Documents\Backup GT-I9300 Bieri_LO 2013-04-15.mpb
[2013.04.05 08:35:41 | 000,147,949 | ---- | C] () -- C:\Users\oehmenl\Desktop\Incoterms_2010_chart.pdf
[2013.04.05 07:41:26 | 004,757,242 | ---- | C] () -- C:\Users\oehmenl\Desktop\Construction Applications of Bieri products201302.pdf
[2013.03.31 02:49:43 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Ignite.lnk
[2013.02.25 15:52:53 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\FsUsbExDevice.Dll
[2013.02.25 15:52:53 | 000,037,344 | ---- | C] () -- C:\windows\SysWow64\FsUsbExDisk.Sys
[2013.02.25 14:54:26 | 000,038,478 | ---- | C] () -- C:\Users\oehmenl\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2013.02.04 13:17:02 | 000,004,096 | -H-- | C] () -- C:\Users\oehmenl\AppData\Local\keyfile3.drm
[2012.11.14 09:39:05 | 000,014,416 | ---- | C] () -- C:\Users\oehmenl\Kontakte001.ecsv.bak
[2012.11.14 09:38:58 | 000,083,747 | ---- | C] () -- C:\Users\oehmenl\Visio KEY.pdf
[2012.11.14 09:38:58 | 000,000,769 | ---- | C] () -- C:\Users\oehmenl\Verknüpfung mit Start.exe.lnk
[2012.11.14 09:38:56 | 000,120,173 | ---- | C] () -- C:\Users\oehmenl\PricelistSTD201206-EUR - Singapore.pdf
[2012.11.14 09:38:55 | 004,163,282 | ---- | C] () -- C:\Users\oehmenl\manual foxit.pdf
[2012.11.14 09:38:55 | 003,533,205 | ---- | C] () -- C:\Users\oehmenl\Hydraulikskript.PDF
[2012.11.14 09:38:55 | 000,131,104 | ---- | C] () -- C:\Users\oehmenl\Kontakte001.spb
[2012.11.14 09:38:55 | 000,001,807 | ---- | C] () -- C:\Users\oehmenl\Google Chrome.lnk
[2012.11.14 09:38:54 | 000,779,264 | ---- | C] () -- C:\Users\oehmenl\backupKontakteSonderhoff.pst
[2012.11.14 09:38:54 | 000,022,641 | ---- | C] () -- C:\Users\oehmenl\bookmark.htm
[2012.11.14 09:38:54 | 000,000,949 | ---- | C] () -- C:\Users\oehmenl\Free YouTube Download.lnk
[2012.11.13 16:38:20 | 000,009,434 | RHS- | C] () -- C:\Users\oehmenl\ntuser.pol
[2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012.07.30 09:24:02 | 000,000,117 | ---- | C] () -- C:\windows\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}.ini
[2012.07.30 09:24:02 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}.ini
[2012.07.30 09:17:46 | 000,000,400 | ---- | C] () -- C:\windows\SysWow64\oeminfo.ini
[2012.07.30 09:16:44 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2012.07.30 09:07:54 | 000,007,820 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.07.12 06:26:46 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2012.07.12 06:26:46 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2012.05.17 22:21:59 | 001,599,136 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.04.18 04:50:16 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2012.03.27 07:19:12 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012.03.27 07:19:10 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012.03.27 07:03:48 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.03.27 05:53:44 | 013,024,768 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012.03.21 21:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2012.03.15 19:48:52 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2012.03.15 19:48:26 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2012.03.15 19:48:26 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2012.03.15 19:47:56 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2012.03.15 19:47:56 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2012.03.15 19:47:54 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2012.03.15 19:47:12 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2012.03.12 23:09:58 | 000,020,480 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll
[2012.03.12 23:09:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2012.03.12 23:09:56 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign
[2012.03.07 10:40:52 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012.02.10 02:43:04 | 000,014,192 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2012.01.31 23:19:18 | 000,366,464 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011.10.12 11:02:14 | 000,187,728 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2011.10.12 11:02:14 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign
[2011.09.07 19:35:30 | 000,065,536 | R--- | C] () -- C:\windows\SysWow64\scardsyn.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.25 10:11:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\APP_NAME_NON_STRING
[2012.11.13 16:38:32 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\DigitalPersona
[2012.11.14 16:26:52 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Downloaded Installations
[2013.04.26 11:10:51 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Dropbox
[2012.11.23 12:53:38 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\DVDVideoSoft
[2012.11.20 13:23:01 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.14 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\FileOpen
[2013.03.30 10:23:39 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\IDT
[2012.11.13 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Infineon
[2012.11.28 03:30:25 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Juniper Networks
[2012.12.30 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Leadertech
[2013.04.15 08:10:33 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\MyPhoneExplorer
[2012.11.14 16:28:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Nitro
[2012.11.15 11:34:53 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Nitro PDF
[2013.01.25 10:15:54 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\PDF Software
[2013.02.25 15:50:51 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Samsung
[2012.11.13 16:39:46 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Synaptics
[2012.11.13 16:38:27 | 000,000,000 | ---D | M] -- C:\Users\oehmenl\AppData\Roaming\Xerox
 
========== Purity Check ==========
 
 

< End of report >

EXTRA-Log:

Code:

OTL Extras logfile created on: 26.04.2013 11:17:00 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\####\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.88 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 30.54% Memory free
7.77 Gb Paging File | 4.56 Gb Available in Paging File | 58.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96.07 Gb Total Space | 10.99 Gb Free Space | 11.44% Space Free | Partition Type: NTFS
Drive G: | 20.88 Gb Total Space | 3.22 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive T: | 1.99 Gb Total Space | 1.97 Gb Free Space | 99.34% Space Free | Partition Type: FAT32
 
Computer Name: NBCHLFL001008 | User Name: #### | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"6129:TCP:*:Dameware" = 6129:TCP:*:Dameware
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"6129:TCP:*:Dameware" = 6129:TCP:*:Dameware
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AD7BEC-5A83-4FB1-A54A-3073F418AC98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{061FED5D-43DE-4638-8545-62772A09A5F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{0B0E709A-C84F-450E-A5A3-73A607BE4437}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0C047BCF-7700-4DA5-AE9E-0443A0C16724}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{462FE72B-3761-4DFB-A139-8FEA485D1609}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4807EB7D-637B-45EF-8401-FF6C03F1387B}" = rport=138 | protocol=17 | dir=out | app=system |
"{5ACF2EBD-442E-47CB-ADF7-45E6295479DC}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E9A7056-15A9-4C31-84CC-6F54E84E762B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{600C0E27-DC23-4717-B8E7-C749386542B1}" = lport=138 | protocol=17 | dir=in | app=system |
"{72488E5A-8AF0-4860-B2BF-246AB5173A44}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{837B5BD2-ABE7-4BE0-B39E-F68EB5A00ECD}" = rport=137 | protocol=17 | dir=out | app=system |
"{9BB7E2B1-9262-4861-9F61-290E3BBC23BF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A7780CE9-EFF2-496A-8CE3-241C9CDF8639}" = lport=139 | protocol=6 | dir=in | app=system |
"{B87CDA91-7EF5-4790-AF35-323F81B8CE69}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BCAACBA3-C7A2-4A20-8D11-F405D549E99D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEE75236-2AA8-48C0-864E-8E8906A2D2CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5A7B038-E24C-44F6-AF36-CCB08ECF2D9E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E70F2C4A-92FC-4B02-B804-200AA08A7F50}" = lport=445 | protocol=6 | dir=in | app=system |
"{ED1B65CB-08DC-4BC9-8A9F-93B022559F2B}" = lport=137 | protocol=17 | dir=in | app=system |
"{FE63E965-1B70-40AD-A7E5-D302A5007B23}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FE1718-580A-4645-A617-A1A0FD7C737E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0D1A7B3B-0200-42A5-A66C-0729B31789BE}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{36FD162B-F130-4266-BE5E-6BA225CA5D53}" = protocol=17 | dir=in | app=c:\users\####\appdata\roaming\dropbox\bin\dropbox.exe |
"{38AADDB6-CA3E-411A-A938-54EB2F817E6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C01A629-8409-406B-A383-5752D8C9FCCC}" = protocol=6 | dir=in | app=c:\users\####\appdata\roaming\dropbox\bin\dropbox.exe |
"{4782CF57-4248-4B84-A208-5275F13FFF50}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{586C7826-4527-4B2D-A2E2-0AF6F1FEA1CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{59C1A2D8-4E42-4428-9235-498ED9BF66A0}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{5CBBB1B8-D4D8-4BBB-A647-426A51EC2EAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5FDA62A1-63A2-4D95-8DCF-6F241C83F7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{6FE3419A-337E-4132-97B7-FA3C2DDF134F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{723F13FE-BE29-491B-A361-5037EDDD9B3E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{778A809A-6EC6-4A04-96BD-9E7ACFFC2D07}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{9DFAC689-C83B-4A9C-B81A-3ACA7ECF1BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{C76593AF-29ED-4266-BAAF-0D04FEF58A7C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CC62A101-BD00-4E42-B80B-697C7ABF29EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D21B8DED-E1B3-4836-A478-C9997F640396}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E07BE63E-B408-40DD-8427-2E4F3475C9E9}" = dir=in | app=c:\windows\dwrcs\dwrcs.exe |
"{F7DB85F7-D800-4CAA-BDD6-2E5D96E90508}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"TCP Query User{118DF42F-FF61-45E6-91B2-06D242D20624}C:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe |
"TCP Query User{8E49B145-49C0-4475-9BB4-C8726A2CF003}C:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe" = protocol=6 | dir=in | app=c:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe |
"TCP Query User{98C1B141-1A2B-48A9-A873-9A7A3E4F9535}C:\oracle\product\ora10g\jdk\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\oracle\product\ora10g\jdk\jre\bin\java.exe |
"UDP Query User{66CD0649-29FA-408D-9D43-74EE14AB89B4}C:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\admin_furkank\appdata\local\temp\orainstall2012-07-30_09-24-31am\jre\1.4.2\bin\javaw.exe |
"UDP Query User{C2B29DA2-DBCB-4038-A1C5-7ECCD6F8F9A4}C:\oracle\product\ora10g\jdk\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\oracle\product\ora10g\jdk\jre\bin\java.exe |
"UDP Query User{DA0E43B1-3876-412F-BAD4-D8344250A36F}C:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe" = protocol=17 | dir=in | app=c:\users\####\portableapps.com (e)\portableapps\synkronportable\app\synkron\synkron.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}" = Drive Encryption For HP ProtectTools
"{32ED2629-C9B1-4C29-A32A-F3E04A5EE303}" = M-Audio USB MIDI Series Driver 5.0.1 (x64)
"{43BE25B8-E69F-42CF-9414-7DDCF891629B}" = Embedded Security for HP ProtectTools
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84642787-58C0-44AE-8B26-E2F544E380A1}" = HP Power Assistant
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}" = Validity Fingerprint Sensor Driver
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Broadcom Bluetooth Software
"{A535F266-291E-447F-ABE6-0BE17D0CB036}" = HP ProtectTools Security Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C0C9A493-51CB-4F3F-A296-5B5E410C338E}" = HP 3D DriveGuard
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}" = Privacy Manager for HP ProtectTools
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}" = WinZip 15.0
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}" = McAfee Host Intrusion Prevention
"{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}_Uninst" = McAfee Host Intrusion Prevention
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{ED65B2D2-6A3B-4A2C-9A41-8E4D4ACEC34E}" = Ignite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"Face Recognition for HP ProtectTools" = Face Recognition for HP ProtectTools
"HPProtectTools" = HP ProtectTools Security Manager
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"PROSet" = Intel(R) Network Connections Drivers
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio Data Module
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}" = Theft Recovery for HP ProtectTools
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP HD Webcam Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4AEFF024-F0D0-4AD6-8231-FF51949E91E0}" = McAfee Agent
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{527DF063-3E28-4E2D-934C-0D3D726D2063}" = SetupCrystalXIWin32Runtime
"{6357258D-2BF9-49E7-A9EF-0C609D52C46D}" = HP ESU for Microsoft Windows 7
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6A53C42D-DCCD-46B7-9143-51071726A6F6}_is1" = Outlook4Gmail 3.1
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8278C6EF-C1C0-4DF9-B7D9-08888280FB61}" = ORTEMS Production Scheduler: Fat deployment 7.3.0
"{8B2A1CFD-8F88-4081-9E18-99395CC27EE6}" = HP Documentation
"{8B62B70F-B0EE-4626-BA23-7A169B8CC724}" = GhostScript
"{8FE60B86-0B99-426D-8DBE-BEC526FDED71}" = Roxio Secure Burn
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A423A4FF-D143-4563-B910-3FC94CB6E85B}" = FilZip
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB4CC828-05EE-4A9B-9097-E0308C27ECCB}" = HP Connection Manager
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio Audio Module
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio Copy Module
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}" = HP System Default Settings
"{CB7253BF-3096-462F-924B-3B800C905D98}" = SolidWorks viewer
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F24F876B-7D71-4BD6-88E9-614D3BB84228}" = Alcor Micro Smart Card Reader Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DivX Setup" = DivX Setup
"Foxit Reader_is1" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}" = Theft Recovery for HP ProtectTools
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"PDF Complete" = PDF Complete Corporate Edition
"Sage ProConcept ERP Client_is1" = Sage PCE2003 Client v3.9.5
"SZCCID" = Alcor Micro Smart Card Reader Driver
"VLC media player" = VLC media player 2.0.6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2013 14:53:19 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10
Description =
 
Error - 02.04.2013 02:37:51 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10
Description =
 
Error - 02.04.2013 02:58:46 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 02.04.2013 04:38:07 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307
Description =
 
Error - 02.04.2013 04:38:08 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307
Description =
 
Error - 02.04.2013 04:38:11 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307
Description =
 
Error - 02.04.2013 04:38:13 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = MsiInstaller | ID = 11307
Description =
 
Error - 02.04.2013 09:06:17 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PC_ExeComObjLauncher.exe, Version:
 3.9.5.226, Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: rtl100.bpl, Version:
 10.0.2288.42451, Zeitstempel: 0x443760d4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000065c2
ID
 des fehlerhaften Prozesses: 0xad4  Startzeit der fehlerhaften Anwendung: 0x01ce2f7f1a479f0b
Pfad
 der fehlerhaften Anwendung: \\Bh-srv08\pcs$\exe\PC_ExeComObjLauncher.exe  Pfad des
 fehlerhaften Moduls: \\Bh-srv08\pcs$\exe\rtl100.bpl  Berichtskennung: 1a2357be-9b96-11e2-9548-a0b3ccc9b207
 
Error - 03.04.2013 01:10:35 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10
Description =
 
Error - 03.04.2013 01:13:51 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = WinMgmt | ID = 10
Description =
 
[ Hewlett-Packard Events ]
Error - 27.08.2012 01:29:33 | Computer Name = bhbe-mob007.ad.bierihydraulik.com | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164  bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)    bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)    bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)    bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)    bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
  bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

  bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

  bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)    bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

  bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 3977  Ram
 Utilization: 30  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) 
 
Error - 29.08.2012 01:44:41 | Computer Name = NBCHLFL001007.ch-bi.hydac.int | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164  bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)    bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)    bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)    bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)    bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
  bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

  bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

  bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)    bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

  bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 3977  Ram
 Utilization: 30  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) 
 
Error - 13.11.2012 13:19:48 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = HPSF.exe | ID = 4000
Description =
 
[ HP Connection Manager Events ]
Error - 23.04.2013 01:16:15 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.23 07:16:15.219|000010A4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 23.04.2013 01:16:17 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.23 07:16:17.124|000010A4|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 24.04.2013 01:12:40 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.24 07:12:40.319|000007A8|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 24.04.2013 01:12:42 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.24 07:12:42.202|000007A8|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 25.04.2013 01:11:59 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.25 07:11:59.565|00001C88|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 25.04.2013 01:12:01 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.25 07:12:01.500|00001C88|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 26.04.2013 01:17:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.26 07:17:23.286|00001F28|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 26.04.2013 01:17:25 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.26 07:17:25.173|00001F28|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 26.04.2013 05:12:44 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.26 11:12:44.555|00001D28|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 26.04.2013 05:12:46 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = hpMobile | ID = 5
Description = 2013.04.26 11:12:46.456|00001D28|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
[ HP Software Framework Events ]
Error - 25.04.2013 01:11:01 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.25 07:11:01.748|00001F6C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 25.04.2013 01:11:52 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.25 07:11:52.168|00001ECC|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 25.04.2013 01:11:58 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.25 07:11:58.067|00001AEC|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 25.04.2013 10:04:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.25 16:04:23.913|00001F40|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf
eine Objektinstanz festgelegt.
 
Error - 25.04.2013 10:04:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.25 16:04:23.929|00001F40|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged.2.0 event. Exception: Der Objektverweis
 wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 26.04.2013 01:16:36 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.26 07:16:36.012|00001DB4|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 26.04.2013 01:17:16 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.26 07:17:16.535|000019A0|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 26.04.2013 01:17:21 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.26 07:17:21.789|00000FA0|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 26.04.2013 05:11:59 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.26 11:11:59.946|000011A8|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
Error - 26.04.2013 05:12:38 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = CaslSmBios | ID = 5
Description = 2013.04.26 11:12:38.073|00000B34|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
[ System Events ]
Error - 07.10.2012 15:01:57 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 07.10.2012 15:03:06 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 07.10.2012 15:05:56 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Roxio Burn Launcher" wurde nicht richtig gestartet.
 
Error - 08.10.2012 01:45:23 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HYDACCH-BI aufgrund der folgenden  Ursache nicht einrichten:  %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 08.10.2012 01:45:24 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpHotkeyMonitor" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 08.10.2012 12:47:26 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HYDACCH-BI aufgrund der folgenden  Ursache nicht einrichten:  %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 08.10.2012 12:47:27 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpHotkeyMonitor" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 08.10.2012 12:48:09 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 08.10.2012 12:48:50 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 08.10.2012 12:51:55 | Computer Name = NBCHLFL001008.ch-bi.hydac.int | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Roxio Burn Launcher" wurde nicht richtig gestartet.
 
 
< End of report >


palomino165 26.04.2013 12:12

Liste der Anhänge anzeigen (Anzahl: 2)
ein Gmer-Log kann ich leider nicht posten, da das Programm während dem scannen abstürzt.
Siehe angehängte Bilder.

t'john 28.04.2013 16:02

:hallo:

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:

:OTL

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\OehmenL\*.tmp
C:\Users\OehmenL\AppData\*.dll
C:\Users\OehmenL\AppData\*.exe
C:\Users\OehmenL\AppData\Local\Temp\*.exe
C:\Users\OehmenL\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]

  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

palomino165 29.04.2013 08:11

Vielen Dank für die Anleitung!

Hier erst mal das OTL-Log:
Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\OehmenL\*.tmp not found.
File\Folder C:\Users\OehmenL\AppData\*.dll not found.
File\Folder C:\Users\OehmenL\AppData\*.exe not found.
File\Folder C:\Users\OehmenL\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\OehmenL\AppData\LocalLow\Sun\Java\Deployment\cache not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\oehmenl\Desktop\cmd.bat deleted successfully.
C:\Users\oehmenl\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 5565179 bytes
->Temporary Internet Files folder emptied: 74074 bytes
 
User: admin_furkank
->Temp folder emptied: 197505810 bytes
->Temporary Internet Files folder emptied: 18507670 bytes
->FireFox cache emptied: 6538366 bytes
 
User: All Users
 
User: biglern
->Temp folder emptied: 2349252 bytes
->Temporary Internet Files folder emptied: 34064 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: furkan
->Temp folder emptied: 2096198 bytes
->Temporary Internet Files folder emptied: 34064 bytes
 
User: holzd
->Temp folder emptied: 2349114 bytes
->Temporary Internet Files folder emptied: 34064 bytes
 
User: oehmenl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 216108404 bytes
->FireFox cache emptied: 112167159 bytes
->Google Chrome cache emptied: 9363628 bytes
->Flash cache emptied: 3152 bytes
 
User: Public
 
User: stüssif
->Flash cache emptied: 1280 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 298544157 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85029 bytes
RecycleBin emptied: 67029374 bytes
 
Total Files Cleaned = 895.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04292013_090444

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

mbar hat nichts gefunden.
Hier das Log:
Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
oehmenl :: NBCHLFL001008 [administrator]

29.04.2013 09:23:04
mbar-log-2013-04-29 (09-23-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32689
Time elapsed: 9 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hier das adware-log:
Code:

# AdwCleaner v2.300 - Datei am 29/04/2013 um 09:27:14 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : oehmenl - NBCHLFL001008
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\oehmenl\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\oehmenl\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\oehmenl\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16447

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f-4112-ad0d-6a96c28e7aaf&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Datei : C:\Users\stüssif\AppData\Roaming\Mozilla\Firefox\Profiles\ofkw48tj.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\admin_furkank\AppData\Roaming\Mozilla\Firefox\Profiles\98zfjjl9.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\oehmenl\AppData\Roaming\Mozilla\Firefox\Profiles\5rtlgijc.default\prefs.js

Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=936[...]

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\oehmenl\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2364] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=CH&userid=93669dca-9a5f[...]
Gelöscht [l.3157] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=[...]

*************************

AdwCleaner[S1].txt - [5111 octets] - [29/04/2013 09:27:14]

########## EOF - C:\AdwCleaner[S1].txt - [5171 octets] ##########


t'john 29.04.2013 09:31

Du hast MBAR vorher nicht aktualisiert. Nochmal.

palomino165 29.04.2013 09:44

Danke für den Hinweis!

Habe nun aktualisiert, gleiche Meldung:
Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
OehmenL :: NBCHLFL001008 [administrator]

29.04.2013 10:43:19
mbar-log-2013-04-29 (10-43-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32834
Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Soll ich adware auch nochmal laufen lassen?
ich meine: adwcleaner

t'john 29.04.2013 13:30

Sehr gut! :daumenhoc

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

palomino165 29.04.2013 15:27

Hier das asw log:
Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-29 15:45:26
-----------------------------
15:45:26.942    OS Version: Windows x64 6.1.7601 Service Pack 1
15:45:26.942    Number of processors: 4 586 0x3A09
15:45:26.942    ComputerName: NBCHLFL001008  UserName: oehmenl
15:45:27.410    Initialize success
16:22:57.386    The log file has been saved successfully to "C:\Users\oehmenl\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-29 16:25:23
-----------------------------
16:25:23.644    OS Version: Windows x64 6.1.7601 Service Pack 1
16:25:23.644    Number of processors: 4 586 0x3A09
16:25:23.644    ComputerName: NBCHLFL001008  UserName: oehmenl
16:25:23.925    Initialize success
16:25:28.441    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:25:28.441    Disk 0 Vendor: MTFDDAK1 0809 Size: 122104MB BusType: 3
16:25:28.456    Disk 0 MBR read successfully
16:25:28.456    Disk 0 MBR scan
16:25:28.456    Disk 0 Windows 7 default MBR code
16:25:28.456    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
16:25:28.456    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        98372 MB offset 616448
16:25:28.456    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        21382 MB offset 202082304
16:25:28.456    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0    2041 MB offset 245872640
16:25:28.472    Disk 0 scanning C:\windows\system32\drivers
16:25:34.868    Service scanning
16:25:38.581    Modules scanning
16:25:38.581    Disk 0 trace - called modules:
16:25:38.597    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
16:25:38.597    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006881060]
16:25:38.612    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8006774b10]
16:25:38.612    5 hpdskflt.sys[fffff88001a31299] -> nt!IofCallDriver -> [0xfffffa80042ef720]
16:25:38.628    7 ACPI.sys[fffff88000fa27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80043db050]
16:25:38.628    Scan finished successfully
16:26:02.246    Disk 0 MBR has been saved successfully to "C:\Users\oehmenl\Desktop\MBR.dat"
16:26:02.246    The log file has been saved successfully to "C:\Users\oehmenl\Desktop\aswMBR.txt"


t'john 29.04.2013 20:27

Restlichen Logs?

palomino165 30.04.2013 10:33

Hier das ESET-Log:
Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d6b86da6feac6e4baf224831e42f1698
# engine=13723
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-30 09:25:52
# local_time=2013-04-30 11:25:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 22792744 118943802 0 0
# scanned=160154
# found=0
# cleaned=0
# scan_time=12191

Security-Check:
Code:

  Results of screen317's Security Check version 0.99.62 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
McAfee VirusScan Enterprise 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Adobe Flash Player 11.7.700.169 
 Adobe Reader XI 
 Mozilla Firefox (20.0.1)
 Google Chrome 26.0.1410.43 
 Google Chrome 26.0.1410.64 
````````Process Check: objlist.exe by Laurent```````` 
 McAfee VirusScan Enterprise VsTskMgr.exe 
 McAfee VirusScan Enterprise mfeann.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


t'john 30.04.2013 18:26

Abarbeiten: http://www.trojaner-board.de/126216-...epair-aio.html


dann:

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



palomino165 01.05.2013 07:20

Jetzt ist mein Rechner ganz platt. Macht keinen Mux.
Findet den bootsector nicht mehr.

Ich melde mich wieder, sobald ich das gefixt habe.

Bis jetzt, vielen Dank für Deine Mühe :bussi:

Gruss
Pal

t'john 01.05.2013 09:09

Gab es Probleme mit der Platte?

palomino165 01.05.2013 09:52

Ja leider.
Sie ist komplett platt.
Kein Zugriff mehr :-(

t'john 02.05.2013 14:25

Das ist natuerlich bloed.

Lesefehler werden wohl zu den Abstuerzen und Bluescreens gefuehrt haben.

palomino165 02.05.2013 16:18

Das kann es vielleicht sein.
Leider weiß ich nicht, woher das kommt.

Ich melde mich, sobald ich mehr weiss.
Vielen Dank bisher!

Gruß
Pal

t'john 03.05.2013 09:24

Alles klar.

t'john 19.06.2013 07:37

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132