
Pests of All Kinds and How to Fight Them: EasyScan - Malwarebytes finds nothing - what am I doing wrong?

31.12.2010, 00:01   #1
dmw
 
Hello, I caught 'easyscan' yesterday and came across this forum while looking for help.

What is affected is my user account (not an admin) on Vista Home.
Tried so far:
As admin
Scan with malwarebytes - nothing found;
Scan with avira - 1 detection Java/open... - according to avira 'moved to quarantine'

After a restart the problem is still present, unchanged, in the user account

Again as admin:

Ran rkill - it seems to run, but doesn't name any removed pests

After a restart, still the same problem in the user account.

You can surely tell from my description that I'm computer-illiterate - I ask for mercy, and a bit of help...

31.12.2010, 00:16   #2
rea
/// Helper Team
 
Hello dmw and welcome to the Trojaner Board!


A few notes up front (please observe!):

  • Read my instructions for you carefully before you begin. Be sure to carry out all steps in order, since one step sometimes depends on another.
  • If anything is unclear to you during the cleanup, please ask in your thread before you continue.
  • Download all programs prescribed here only via the respective links! If a link doesn't work, please let me know.
  • During the cleanup, don't install any other programs apart from those we prescribe for the cleanup.
  • Report for each step whether you have completed it, and whether and which problems occurred.
  • If problems come up while working through the instructions, please don't continue for now; stop and describe the problem here in the thread.
  • Edit all personal data, e.g. full names of real and private persons, out of the requested logfiles before you post them.
  • And if a reply is ever going to take longer, I'd appreciate a heads-up too



I'll do my best to find everything that doesn't belong on your system, but I have to point out that formatting and reinstalling is in most cases the fastest and safest way to get a clean system. If you still want to clean up, here are the instructions:




Post the logs for me: Malwarebytes and from Avira.


And then it continues like this:


System scan with OTL
Please download OTL by Oldtimer and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you'll find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You'll find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

31.12.2010, 00:54   #3
dmw
 
Many thanks for the quick reply.
In the meantime (unfortunately still BEFORE reading your instructions) I downloaded Malwarebytes via your link and ran a scan; I saved the log first and only then clicked 'remove', which is why it says 'no action taken':
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5426

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

31.12.2010 00:17:30
mbam-log-2010-12-31 (00-17-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 197673
Laufzeit: 7 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\1h4gdto4bpcl.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\atwvdpkvgjt.exe (Spyware.Zbot) -> No action taken.
c:\programdata\pvl0dqdwzyjkhamd.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\HrpDyspw.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\xegx9tirmjpg.exe (Rogue.FakeHDD) -> No action taken.
c:\Users\d\AppData\Local\Temp\tmp2A49.tmp (Spyware.Zbot) -> No action taken.

After that (as I said, before your instructions) I restarted the user account - and now it works as before; no odd Windows warnings, no 'hard disk scans' - everything feels completely normal.
I can only continue with the Avira scan etc. tomorrow (or could it be that malware was already enough here?).
If I don't hear anything, I'll continue with the avira scan tomorrow.
I wouldn't mind a reinstallation either - but I would have to back up the data files to an external drive and then bring them back into the new system - is that OK?
Regards and thanks!

31.12.2010, 01:09   #4
rea
/// Helper Team
 
Sorry, you were supposed to post the logfiles already created by Avira and Malwarebytes instead of making new ones; you wrote about them above

Quote:
Tried so far:
As admin
Scan with malwarebytes - nothing found;
Scan with avira - 1 detection Java/open... - according to avira 'moved to quarantine'
So another scan with Avira isn't necessary; then just continue with OTL.


Quote:
I wouldn't mind a reinstallation either - but I would have to back up the data files to an external drive and then bring them back into the new system - is that OK?
As long as you don't take any malware along and then end up with the same problem again later, that's fine. We can also try to clean up.
You should change your passwords in any case.
Regards, rea


31.12.2010, 01:53   #5
dmw
 
I didn't save the old logfiles.
I just ran OTL:

OTL Logfile:
Code:
OTL logfile created on: 31.12.2010 01:24:52 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\dw\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 86,40 Gb Free Space | 29,99% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive E: | 471,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1021,00 Mb Total Space | 1018,73 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: DW-PC | User Name: dw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.31 01:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\dw\Downloads\OTL.exe
PRC - [2010.12.09 22:51:27 | 005,781,848 | ---- | M] (PokerStars) -- C:\Programme\PokerStars\PokerStars.exe
PRC - [2010.11.05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010.11.05 17:53:52 | 004,098,904 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2010.01.06 19:46:34 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.12.08 14:41:34 | 000,470,785 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009.11.21 02:31:27 | 000,466,689 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2009.10.29 13:13:38 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.08.25 12:44:06 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.08.25 12:44:04 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.07 01:01:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2009.05.07 01:01:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.29 23:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2008.05.08 01:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.05.02 21:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.18 14:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.04.04 16:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe
PRC - [2008.03.31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008.03.25 12:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2008.03.03 14:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 14:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2008.01.21 03:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:32:56 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.16 16:56:50 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.05.16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.10.26 23:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.31 01:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\dw\Downloads\OTL.exe
MOD - [2008.05.21 01:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2008.01.21 03:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.29 10:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.11.05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.10.29 13:13:38 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.08.25 12:44:06 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.25 12:44:04 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.07 01:01:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.03.03 14:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ezplay.sys -- (ezplay)
DRV - [2010.12.21 21:10:32 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.01.27 17:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009.12.08 14:42:42 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.25 12:44:07 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.07 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.17 18:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.05.08 13:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.04.11 15:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008.04.10 16:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.04.07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.04.07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.27 20:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.03.03 14:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.01 10:41:58 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008.02.01 10:41:58 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008.02.01 10:41:58 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008.01.21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008.01.21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.01.21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.17 22:28:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll猀 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.6.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.4.15
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.2.13
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.28 21:53:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.06 19:46:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.27 18:17:23 | 000,000,000 | ---D | M]
 
[2009.09.14 15:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dw\AppData\Roaming\mozilla\Extensions
[2010.12.30 17:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions
[2010.03.23 21:08:38 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.12.30 12:07:06 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.03.17 12:04:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.21 22:01:14 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2010.03.17 12:04:08 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.03.17 12:04:13 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\smarterwiki@wikiatic.com
[2010.03.23 21:08:29 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de
[2010.01.20 12:16:28 | 000,000,939 | ---- | M] () -- C:\Users\dw\AppData\Roaming\Mozilla\FireFox\Profiles\r64qf5o8.default\searchplugins\conduit.xml
[2010.12.09 14:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.28 21:53:02 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009.08.24 20:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FlashGet] C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.30 10:13:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.06.23 07:56:14 | 000,000,075 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell - "" = AutoRun
O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.30 10:13:01 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.12.30 10:13:01 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.12.30 10:11:26 | 000,000,000 | ---D | C] -- C:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
[2010.12.30 10:11:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.12.30 10:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.12.30 09:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.12.29 23:17:47 | 000,428,544 | ---- | C] (Point Corp) -- C:\ProgramData\EvDdtiGBBuH.dll
[2010.12.27 18:17:13 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.12.27 18:17:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.12.27 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.12.27 18:09:26 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2010.12.27 18:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.12.27 16:35:24 | 000,273,256 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\System32\HPDiscoPM5312.dll
[2010.12.27 16:28:15 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Local\HP
[2010.12.26 13:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.12.24 17:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.12.24 16:54:04 | 000,094,208 | ---- | C] (VSO Software) -- C:\windows\System32\drivers\ezplay.sys
[2010.12.24 16:54:04 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\dw\AppData\Roaming\ezplay.sys
[2010.12.24 16:54:04 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\Vso
[2010.12.24 16:53:34 | 000,000,000 | ---D | C] -- C:\Programme\VSO
[2010.12.23 22:50:50 | 000,000,000 | ---D | C] -- C:\aspi
[2010.12.23 22:46:45 | 000,000,000 | ---D | C] -- C:\adaptec
[2010.12.23 19:05:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\click2learn
[2010.12.22 11:50:27 | 000,000,000 | ---D | C] -- C:\Programme\Messer
[2010.12.21 22:09:18 | 000,000,000 | ---D | C] -- C:\Klett
[2010.12.21 22:09:00 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\windows\IsUn0407.exe
[2010.12.21 22:03:09 | 000,000,000 | ---D | C] -- C:\Users\dw\Documents\Alcohol 120%
[2010.12.21 22:01:16 | 000,000,000 | ---D | C] -- C:\Programme\free-downloads.net
[2010.12.21 21:56:54 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft
[2010.12.21 13:13:15 | 000,000,000 | ---D | C] -- C:\Programme\A-Ray Scanner
[2010.12.09 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\HPAppData
[2010.12.09 11:51:10 | 000,000,000 | ---D | C] -- C:\Programme\SlySoft
[2010.12.07 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\QuickStoresToolbar
[2010.12.07 20:00:55 | 000,000,000 | ---D | C] -- C:\Programme\Audiograbber
[2010.12.07 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\EAC
[2010.12.07 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\AccurateRip
[2010.12.07 19:25:11 | 000,000,000 | ---D | C] -- C:\Programme\Exact Audio Copy
[2010.10.03 14:11:32 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Programme\Common Files\keyhelp.ocx
[2009.08.25 08:34:45 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009.08.25 08:34:44 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.31 01:22:54 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.31 01:22:54 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.31 01:03:15 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.31 00:34:11 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.31 00:30:23 | 000,681,402 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.12.31 00:30:23 | 000,638,964 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.12.31 00:30:23 | 000,148,846 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.12.31 00:30:23 | 000,120,848 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.12.31 00:22:56 | 000,352,615 | -H-- | M] () -- C:\windows\System32\drivers\vsconfig.xml
[2010.12.31 00:22:50 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2010.12.31 00:22:47 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2010.12.31 00:22:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.12.31 00:22:09 | 3216,261,120 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.31 00:20:59 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.12.31 00:20:34 | 000,027,648 | ---- | M] () -- C:\Users\dw\Documents\Malwarebytes.doc
[2010.12.31 00:07:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 18:20:55 | 000,428,544 | ---- | M] (Point Corp) -- C:\ProgramData\EvDdtiGBBuH.dll
[2010.12.30 10:13:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.12.30 10:13:03 | 000,002,071 | ---- | M] () -- C:\Users\dw\Desktop\SpyHunter.lnk
[2010.12.30 09:41:47 | 000,000,336 | ---- | M] () -- C:\ProgramData\XeGX9TiRmJpg
[2010.12.30 00:46:53 | 000,000,336 | ---- | M] () -- C:\ProgramData\HrpDyspw
[2010.12.29 23:58:03 | 000,000,272 | ---- | M] () -- C:\ProgramData\~pVl0dQDWZyJkhaMd
[2010.12.29 23:58:03 | 000,000,168 | ---- | M] () -- C:\ProgramData\~pVl0dQDWZyJkhaMdr
[2010.12.29 23:55:20 | 000,000,336 | ---- | M] () -- C:\ProgramData\pVl0dQDWZyJkhaMd
[2010.12.29 23:49:23 | 000,000,432 | ---- | M] () -- C:\ProgramData\1H4GDTo4bpCl
[2010.12.29 23:44:20 | 000,000,272 | ---- | M] () -- C:\ProgramData\~1H4GDTo4bpCl
[2010.12.29 23:44:20 | 000,000,168 | ---- | M] () -- C:\ProgramData\~1H4GDTo4bpClr
[2010.12.27 18:17:23 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010.12.27 18:02:21 | 000,000,640 | ---- | M] () -- C:\windows\tasks\hpwebreg_CN07BBM0V8.job
[2010.12.27 16:35:23 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) -- C:\windows\System32\drivers\ezplay.sys
[2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) -- C:\Users\dw\AppData\Roaming\ezplay.sys
[2010.12.24 16:59:00 | 000,087,608 | ---- | M] () -- C:\Users\dw\AppData\Roaming\inst.exe
[2010.12.24 16:59:00 | 000,007,861 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.cat
[2010.12.24 16:59:00 | 000,001,103 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.inf
[2010.12.24 16:59:00 | 000,000,125 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.ini
[2010.12.24 16:58:52 | 000,000,809 | ---- | M] () -- C:\Users\dw\Desktop\BlindWrite 6.lnk
[2010.12.23 23:29:08 | 000,000,124 | ---- | M] () -- C:\Users\dw\Documents\ax_files.xml
[2010.12.21 22:01:29 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010.12.21 21:10:32 | 000,436,792 | ---- | M] () -- C:\windows\System32\drivers\sptd.sys
[2010.12.21 13:15:36 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.12.21 13:13:15 | 000,000,820 | ---- | M] () -- C:\Users\dw\Desktop\A-Ray Scanner.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.12.18 07:31:56 | 348,027,293 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010.12.09 11:51:12 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010.12.07 20:00:58 | 000,000,183 | ---- | M] () -- C:\Users\dw\Desktop\QuickStores.url
[2010.12.07 20:00:56 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2010.12.07 19:25:13 | 000,000,867 | ---- | M] () -- C:\Users\dw\Desktop\Exact Audio Copy.lnk
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.31 00:20:32 | 000,027,648 | ---- | C] () -- C:\Users\dw\Documents\Malwarebytes.doc
[2010.12.30 10:13:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.12.30 10:13:03 | 000,002,071 | ---- | C] () -- C:\Users\dw\Desktop\SpyHunter.lnk
[2010.12.30 09:41:47 | 000,000,336 | ---- | C] () -- C:\ProgramData\XeGX9TiRmJpg
[2010.12.30 00:46:53 | 000,000,336 | ---- | C] () -- C:\ProgramData\HrpDyspw
[2010.12.29 23:58:03 | 000,000,272 | ---- | C] () -- C:\ProgramData\~pVl0dQDWZyJkhaMd
[2010.12.29 23:58:03 | 000,000,168 | ---- | C] () -- C:\ProgramData\~pVl0dQDWZyJkhaMdr
[2010.12.29 23:55:16 | 000,000,336 | ---- | C] () -- C:\ProgramData\pVl0dQDWZyJkhaMd
[2010.12.29 23:44:20 | 000,000,272 | ---- | C] () -- C:\ProgramData\~1H4GDTo4bpCl
[2010.12.29 23:44:20 | 000,000,168 | ---- | C] () -- C:\ProgramData\~1H4GDTo4bpClr
[2010.12.29 23:42:48 | 000,000,432 | ---- | C] () -- C:\ProgramData\1H4GDTo4bpCl
[2010.12.27 18:17:23 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010.12.27 17:34:05 | 000,000,640 | ---- | C] () -- C:\windows\tasks\hpwebreg_CN07BBM0V8.job
[2010.12.27 16:35:23 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2010.12.24 16:54:21 | 000,000,034 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.log
[2010.12.24 16:54:04 | 000,087,608 | ---- | C] () -- C:\Users\dw\AppData\Roaming\inst.exe
[2010.12.24 16:54:04 | 000,007,861 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.cat
[2010.12.24 16:54:04 | 000,001,103 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.inf
[2010.12.24 16:54:04 | 000,000,125 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.ini
[2010.12.24 16:53:45 | 000,000,809 | ---- | C] () -- C:\Users\dw\Desktop\BlindWrite 6.lnk
[2010.12.21 22:07:53 | 000,000,124 | ---- | C] () -- C:\Users\dw\Documents\ax_files.xml
[2010.12.21 21:57:02 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010.12.21 21:10:32 | 000,436,792 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010.12.21 13:13:15 | 000,000,820 | ---- | C] () -- C:\Users\dw\Desktop\A-Ray Scanner.lnk
[2010.12.09 11:55:14 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.09 11:51:12 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010.12.07 20:00:58 | 000,000,183 | ---- | C] () -- C:\Users\dw\Desktop\QuickStores.url
[2010.12.07 20:00:56 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2010.12.07 19:25:13 | 000,000,867 | ---- | C] () -- C:\Users\dw\Desktop\Exact Audio Copy.lnk
[2010.04.03 15:21:47 | 000,000,001 | ---- | C] () -- C:\windows\System32\uuddc32.dll
[2010.03.22 16:16:55 | 000,003,584 | ---- | C] () -- C:\Users\dw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.11 22:20:37 | 000,004,865 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010.03.11 17:50:49 | 000,063,393 | ---- | C] () -- C:\Programme\hminstalllog.txt
[2010.02.19 09:53:15 | 000,001,553 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.02.01 13:00:09 | 000,663,552 | ---- | C] () -- C:\windows\System32\Tx12.dll
[2010.02.01 13:00:09 | 000,000,530 | ---- | C] () -- C:\windows\System32\tx12_ic.ini
[2009.11.04 01:07:07 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Roaming\AVSDVDPlayer.m3u
[2009.11.04 00:56:47 | 000,524,288 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009.11.04 00:56:47 | 000,139,264 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009.09.29 19:51:59 | 000,000,090 | ---- | C] () -- C:\Users\dw\AppData\Local\fusioncache.dat
[2009.09.29 19:51:47 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2009.08.26 16:57:48 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\QSwitch.txt
[2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\DSwitch.txt
[2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\AtStart.txt
[2009.08.25 08:34:45 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.08.25 08:34:45 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.08.25 08:34:45 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008.06.17 05:07:59 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008.06.17 05:07:59 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008.06.17 05:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008.06.17 05:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008.06.17 05:07:59 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008.06.17 05:07:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008.06.17 04:49:59 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.05.14 01:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.08 10:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008.04.17 17:29:08 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2009.10.18 14:50:26 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\BITS
[2010.06.22 19:08:44 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\ChessBase
[2009.09.26 22:20:08 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\DonationCoder
[2010.12.07 19:25:24 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\EAC
[2009.09.26 10:22:50 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Engelmann Media
[2010.02.28 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\FreeFLVConverter
[2009.09.16 13:56:32 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\InterVideo
[2010.12.09 12:11:04 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\kikin
[2010.01.08 21:22:06 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Notepad++
[2009.08.31 09:24:06 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Opera
[2010.12.07 20:00:58 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\QuickStoresToolbar
[2010.09.07 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\SparweltGutschein
[2010.03.13 19:57:27 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\uTorrent
[2010.12.24 17:00:09 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Vso
[2010.12.31 00:21:00 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:2F274350E84658CA
@Alternate Data Stream - 22528 bytes -> C:\windows\System32\AUTOCHK.EXE:BAK

< End of report >
         


And:
OTL Logfile:
Code:
OTL Extras logfile created on: 31.12.2010 01:24:52 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\dw\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 86,40 Gb Free Space | 29,99% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive E: | 471,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1021,00 Mb Total Space | 1018,73 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: DW-PC | User Name: dw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39250603-7F04-4869-B336-04A9028DD866}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{4EFD917D-0DE9-414E-9E28-630E83015E9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B4163651-1E25-463F-A5AB-915674FACE0C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026BD00D-5936-4FE5-AA1E-CD8E0E54CBED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0AD7BC5C-352A-4557-983E-CE25B41FA3AB}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{1BD01C0D-E278-4589-8EAA-770CB6837889}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{208FA400-BCF0-4C0A-83FE-78E748BF8950}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{27BC4B53-7FE7-4A95-B4D0-95C4C92B3214}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3A3155C4-8ED2-491E-99EB-CD8C6FFC6BE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{3B20AF4D-AE4A-428E-BA5A-1B759CB19EB1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{43D1CA1E-2D72-4F36-9A17-BB55020AD8D4}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{4F47FC29-6D6C-4998-AC4E-72E79FE689B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{593BD3D2-D8DC-4E3E-A10A-ABBF0AC1E988}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{6E7F7097-2856-4E21-AF90-B594D6DB539B}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{73F81C72-4CBF-4674-B245-F6A8E9FD82B9}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{81A4233A-62DD-4BC5-A837-849F13AE08B2}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{89BFE268-0855-476F-B535-4FE0AA90DB0D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{8AE44CE0-F2B3-4AF8-8274-809F92AC65DC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{AC48C4A1-AC1D-4DC4-AD1C-21AF4E6D3422}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{BC1BE14B-6C33-49F2-9CDE-4BBA10DCB4A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BD6F265D-503B-430F-83B1-66E3FDB00D5D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{D03D9D54-599E-471B-87BE-E9053BE749E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{D2632666-2A94-4AD4-8371-05E746B31648}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{DC320CD3-31E1-480A-8976-F3D268481192}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{DE890099-40D1-4531-83DC-AF5D2935C49D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EB22A9A0-7FEC-4C28-83E0-973ACF05E29C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{06CB77AB-CDE1-EF6B-175D-85FA59C7F0EE}" = Catalyst Control Center Core Implementation
"{07D78C7B-2AA8-5C02-4238-EE3F39279221}" = Catalyst Control Center Localization Thai
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AF9C2B7-2E98-8D77-3892-F8512305C6CE}" = CCC Help Turkish
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Hilfe
"{140BAED1-23A8-401F-A722-8BFB0F0E0FAB}" = Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{164280AB-98C2-FD02-EC0B-5DFBB98E89C1}" = Catalyst Control Center Localization Chinese Standard
"{173317B8-D99E-F58E-CAAE-924D8F26C435}" = CCC Help Czech
"{1779522E-BFC6-738C-E97E-39405E196FA6}" = Catalyst Control Center Localization Spanish
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{1DB44CB7-D68E-9F09-D656-0FBC7D4D9C00}" = Catalyst Control Center Localization Norwegian
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FD3DF19-EF58-2A29-222B-A4B6E237D3DD}" = Catalyst Control Center Graphics Previews Vista
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EC294E6-2E8C-23A7-C174-4E59532B0E06}" = Catalyst Control Center Localization Korean
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{311BF3BF-6AAB-7859-1E5A-EB46644A6011}" = CCC Help French
"{32063923-8066-18D5-BF07-2B692547AEF5}" = CCC Help Korean
"{323C15C3-6DE1-05E6-B202-6F1D90BB1B06}" = Catalyst Control Center Localization Turkish
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{345D8E42-E1E4-4006-81EB-2C5C0C8F8608}" = SyberiaDemo
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3848DCD1-E356-ACB9-93AF-FB93485E1598}" = CCC Help Thai
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3A76F96A-637B-9A0E-F65B-AE595A49DEDA}" = ccc-core-static
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FCFB6B6-B5DE-C5B8-825F-5998C220C24E}" = Catalyst Control Center Localization Russian
"{41EBC322-660F-4D16-A0DF-53147210CBDB}" = SpyHunter
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{45BA0F82-FC61-828B-A188-49A24B7B39F4}" = Catalyst Control Center Localization Swedish
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4ADB08ED-A385-21BA-3511-00EB170C9CCA}" = Catalyst Control Center Localization Greek
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{500CAC18-1509-AC6C-3E91-A437F9457D5E}" = CCC Help Japanese
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{5B5494F7-FD30-AFAB-ACD5-345F26B6AAF4}" = Catalyst Control Center Graphics Full Existing
"{5BF2EC0B-2A01-DDEA-5645-E700BCE9CDA6}" = CCC Help Spanish
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EF644FA-3703-3253-7372-AE46FD862588}" = ccc-utility
"{63BABF5E-B142-02F9-85E1-F0A1DBEC6D5D}" = Catalyst Control Center Localization Chinese Traditional
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{647ED1EC-1D53-9886-B5A1-234CE9D7BE3F}" = Catalyst Control Center Localization Danish
"{64F561F5-17B7-0721-8D08-78777BB91382}" = CCC Help Italian
"{65E63D8F-F763-940E-38FA-1A6B2C30ADB2}" = Catalyst Control Center Graphics Light
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F98BA-338E-49a1-9D79-D786A83E6621}" = HP Officejet Pro 8000 A809 Series
"{6B4591DF-C531-255E-BDE6-25226A5AE115}" = Skins
"{6C4592F5-A803-1740-A708-84F3578DC083}" = Catalyst Control Center Localization German
"{6DF8EB4D-F5E5-369C-38B2-4F7CD0F02AC3}" = Catalyst Control Center Localization Italian
"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8BEA3254-8719-4815-9312-69AF21B8D779}" = CCC Help Chinese Traditional
"{8BF85A3B-C2EE-2A32-DF54-B565062FBEC9}" = Catalyst Control Center Localization Japanese
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD39028-8B90-88D8-781A-AB82A9AE6662}" = CCC Help English
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91B26C13-34A4-36FA-E1F0-22664915EED1}" = Catalyst Control Center Localization Dutch
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{968933D6-A9FC-891C-6292-F7E68DB2C7EA}" = CCC Help Finnish
"{96DB55D1-E21F-126C-1ADD-35EAAC852C7C}" = Catalyst Control Center Localization Finnish
"{988B865E-CC06-7B3D-FBC0-52093DB75C9A}" = CCC Help Dutch
"{997F39AA-6CDC-2E23-F9C3-D59AACABAB8F}" = Catalyst Control Center Localization French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0704448-6681-607E-D97F-A148C2E2F763}" = CCC Help Danish
"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{BABEDC2E-5718-1D6D-9E76-93C7EC76BBC4}" = CCC Help Greek
"{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}" = ESU for Microsoft Vista SP1
"{BD5DE09E-3C1C-1DCE-E98D-7B7BBDBE15AD}" = CCC Help Portuguese
"{BFCBCC48-9027-17B7-BD08-5214898494CC}" = CCC Help German
"{C3036710-8564-ECEA-0E19-1B7880111167}" = CCC Help Swedish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7D03B2F-5B3A-A6D8-1C6C-AFCA02DDD3EC}" = Catalyst Control Center Localization Czech
"{C8A33E2B-5DDB-BF2E-24A9-95DFA1CDF56D}" = Catalyst Control Center Localization Polish
"{CA144572-CEAD-5A14-A338-D28B35D9C7FF}" = Catalyst Control Center Localization Hungarian
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{CE3020D2-1742-19F4-EFB4-4D76097C81D0}" = Catalyst Control Center Localization Portuguese
"{CF755AAE-7801-359C-E9D3-FE8572F8C760}" = Catalyst Control Center Graphics Full New
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DC04644B-C7B3-AF77-610C-7F0AF59AC44D}" = ATI Catalyst Install Manager
"{DE80F89F-6132-42A9-1A47-542F6C60E1A2}" = CCC Help Russian
"{DEB23231-0851-4E3E-A2DB-EED8A40B0883}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.3
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E979B690-80A7-8E8B-1281-C68DBEDDB491}" = CCC Help Norwegian
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F23DFEB2-A5D1-3B97-FBF3-30DC859411C0}" = CCC Help Hungarian
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe
"{FBE38124-B7F0-3EEE-98C5-D8C3AE353FF5}" = CCC Help Chinese Standard
"{FD9FAE60-2BF1-C877-9843-AABA9DA06A2B}" = CCC Help Polish
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"A-Ray Scanner" = A-Ray Scanner 2.0.2.3
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.30
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Disc Creator_is1" = AVS Disc Creator version 4.1
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.3.0
"Betfair Poker_is1" = Betfair Poker
"Cavern Escape_is1" = Cavern Escape 1.001
"Clever & Smart - A Movie Adventure" = Clever & Smart - A Movie Adventure
"CloneCD" = CloneCD
"Découvertes 2 - SESAM" = Découvertes 2 - SESAM
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Everest Poker" = Everest Poker (Remove Only)
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"exPressit S.E. 3.0" = exPressit S.E. 3.0
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"Google Chrome" = Google Chrome
"HoldemManager" = Holdem Manager
"hotpot_is1" = HotPotatoes v 6.3.0.4
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Jagged Alliance 2" = Jagged Alliance 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messer_is1" = Messer v0.992
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Notepad++" = Notepad++
"PDF Complete" = PDF Complete
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"Projekt W_is1" = Projekt W - Phase 1 (1.2)
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 2.01
"Scid_is1" = Scid 4.2.2
"Sesam Découvertes 2" = Sesam Découvertes 2 deinstallieren
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnderCoverXP_is1" = UnderCoverXP 1.23
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Winload Toolbar" = Winload Toolbar
"WINZD_is1" = WINZD 2010-04
"XMedia Recode" = XMedia Recode 2.1.8.4
"YouTube FLV to AVI Converter Pro_is1" = YouTube FLV to AVI Converter Pro 2.3.0
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.12.2010 18:03:13 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2010 18:47:07 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2010 19:03:13 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2010 19:22:50 | Computer Name = dw-PC | Source = PostgreSQL | ID = 0
Description = 2010-12-31 00:22:50 CETFATAL:  the database system is starting up 
 
Error - 30.12.2010 19:23:19 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2010 19:23:43 | Computer Name = dw-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.12.2010 19:30:26 | Computer Name = dw-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AsGHost.exe, Version 3.0.0.61, Zeitstempel 0x4833c92a,
 fehlerhaftes Modul ItSSO.dll, Version 3.0.0.464, Zeitstempel 0x4833c998, Ausnahmecode
 0xc0000005, Fehleroffset 0x0001f29a,  Prozess-ID 0x340, Anwendungsstartzeit 01cba878a146cb4c.
 
Error - 30.12.2010 19:37:13 | Computer Name = dw-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AsGHost.exe, Version 3.0.0.61, Zeitstempel 0x4833c92a,
 fehlerhaftes Modul ItSSO.dll, Version 3.0.0.464, Zeitstempel 0x4833c998, Ausnahmecode
 0xc0000005, Fehleroffset 0x0001f29a,  Prozess-ID 0x1054, Anwendungsstartzeit 01cba87a0e117b7c.
 
Error - 30.12.2010 19:39:18 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2010 20:03:15 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
[ Credential Manager Events ]
Error - 08.10.2010 09:42:07 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 08.10.2010 09:42:07 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 11.10.2010 06:19:55 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 11.10.2010 06:19:55 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 11.10.2010 15:35:01 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 11.10.2010 15:35:01 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 15.10.2010 11:43:09 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 15.10.2010 11:43:09 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 22.11.2009 18:30:32 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:30:36 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:30:40 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:13 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:16 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:20 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:24 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 19:52:12 | Computer Name = dw-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.11.2009 19:52:37 | Computer Name = dw-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 22.11.2009 19:53:19 | Computer Name = dw-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
[/QUOTE]

I only ran the scan and resisted the temptation to click the promising 'Fix' and 'Clean up' buttons. Is that OK?
Regards,
dmw


31.12.2010, 16:07   #6
rea
/// Helper Team



Quote:
I only ran the scan and resisted the temptation to click the promising 'Fix' and 'Clean up' buttons. Is that OK?

If you would like to carry on by yourself, you can of course click around however you like. Otherwise I would appreciate it if you read the instructions and also stick to them.




1.) Uninstalling software
  • -> Start
  • -> Control Panel
  • -> Programs and Features
  • -> Uninstall a program
  • Now select each of these programs in turn:
    Code:
    SpyHunter
    Google Update Helper
    kikin plugin 2.3
    AOL Toolbar 5.0
    free-downloads.net Toolbar
    QuickStores-Toolbar 1.2.0
    Winload Toolbar

  • -> Change/Remove and uninstall.

Removing the toolbars is optional; if you would rather not part with one of them, you can of course keep it. Personally I find toolbars unnecessary/borderline and would uninstall them.





2.) Fixing with OTL
  • Please start OTL.exe.
    Vista & Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents of the following code box into the Custom Scans/Fixes text box.

    Code:
    :OTL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKCU..\Run: [FlashGet] C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe File not found
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
    O32 - AutoRun File - [2005.06.23 07:56:14 | 000,000,075 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell - "" = AutoRun
    O33 - MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
    O33 - MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
    O33 - MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\Shell - "" = AutoRun
    O33 - MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    [2010.12.29 23:17:47 | 000,428,544 | ---- | C] (Point Corp) -- C:\ProgramData\EvDdtiGBBuH.dll
    [2010.12.30 09:41:47 | 000,000,336 | ---- | M] () -- C:\ProgramData\XeGX9TiRmJpg
    [2010.12.30 00:46:53 | 000,000,336 | ---- | M] () -- C:\ProgramData\HrpDyspw
    [2010.12.29 23:58:03 | 000,000,272 | ---- | M] () -- C:\ProgramData\~pVl0dQDWZyJkhaMd
    [2010.12.29 23:58:03 | 000,000,168 | ---- | M] () -- C:\ProgramData\~pVl0dQDWZyJkhaMdr
    [2010.12.29 23:55:20 | 000,000,336 | ---- | M] () -- C:\ProgramData\pVl0dQDWZyJkhaMd
    [2010.12.29 23:49:23 | 000,000,432 | ---- | M] () -- C:\ProgramData\1H4GDTo4bpCl
    [2010.12.29 23:44:20 | 000,000,272 | ---- | M] () -- C:\ProgramData\~1H4GDTo4bpCl
    [2010.12.29 23:44:20 | 000,000,168 | ---- | M] () -- C:\ProgramData\~1H4GDTo4bpClr
    [2010.12.24 16:59:00 | 000,087,608 | ---- | M] () -- C:\Users\dw\AppData\Roaming\inst.exe
    @Alternate Data Stream - 24 bytes -> C:\Windows:2F274350E84658CA
    @Alternate Data Stream - 22528 bytes -> C:\windows\System32\AUTOCHK.EXE:BAK
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" =-
    "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" =-
    "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" =-
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
             
  • Now please close all programs.
  • Now please click the Fix button.
  • Click OK.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document.
    Copy its contents into your thread here, in code tags.





3.) Another system scan with OTL
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.





In your next reply, please post:
  • The log file from the OTL fix (step 2)
  • The two log files from the new OTL scan (step 3)
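A check one could run on the text document that step 2 produces, shown as an added example that is not part of the thread or of OTL: it reconciles a fix script with the resulting fix log and lists what was not confirmed removed. The script, log, paths and GUIDs are constructed samples in the line formats that appear in this thread, and the outcome labels (`pending_reboot`, `unrecognised` and so on) are names chosen for this example.

```python
import re
from collections import Counter, namedtuple

# Constructed samples (not the poster's data): every path, GUID and name is made up.
SAMPLE_SCRIPT = r""":OTL
O4 - HKCU..\Run: [ExampleApp] C:\Program Files\Example\app.exe File not found
[2010.01.01 00:00:00 | 000,428,544 | ---- | C] (Example Corp) -- C:\ProgramData\example1.dll
[2010.01.01 00:00:00 | 000,000,336 | ---- | M] () -- C:\ProgramData\example2
[2010.01.01 00:00:00 | 000,000,336 | ---- | M] () -- C:\ProgramData\example3
:Commands
[EMPTYTEMP]
"""

SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Example\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleApp deleted successfully.
File move failed. X:\Autorun.inf scheduled to be moved on reboot.
File X:\AutoRun.exe not found.
C:\ProgramData\example1.dll moved successfully.
C:\PROGRAMDATA\example2 moved successfully.
ADS C:\Example:STREAM deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\Example\List\\C:\Program Files\Example\app.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: example
->Temp folder emptied: 1024 bytes
"""

Entry = namedtuple("Entry", "section kind target outcome")
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SCRIPT_FILE_RE = re.compile(r"^\[\d{4}\.\d{2}\.\d{2} [^\]]*\] \(.*?\) -- (.+)$")

# Line endings and beginnings as they appear in the fix log; order matters.
OUTCOMES = [(" scheduled to be moved on reboot.", "pending_reboot"),
            (" deleted successfully.", "deleted"),
            (" moved successfully.", "moved"),
            (" not found.", "not_found")]
PREFIXES = [("File move failed. ", "file"), ("Registry key ", "registry_key"),
            ("Registry value ", "registry_value"), ("ADS ", "ads"), ("File ", "file")]


def parse_fix_log(text):
    """Return one Entry per result line in the OTL and REGISTRY sections."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section not in ("OTL", "REGISTRY"):
            continue  # skip the preamble and the COMMANDS/EMPTYTEMP statistics
        outcome, target = "unrecognised", line
        for suffix, name in OUTCOMES:
            if line.endswith(suffix):
                outcome, target = name, line[: -len(suffix)]
                break
        kind = "file"  # bare paths carry no prefix in the log
        for prefix, name in PREFIXES:
            if target.startswith(prefix):
                kind, target = name, target[len(prefix):]
                break
        entries.append(Entry(section, kind, target, outcome))
    return entries


def summarize(entries):
    """Count result lines per outcome."""
    return Counter(e.outcome for e in entries)


def needs_followup(entries):
    """Items to recheck in the next scan: deferred to reboot, or not understood."""
    return [e for e in entries if e.outcome in ("pending_reboot", "unrecognised")]


def script_file_targets(script):
    """Paths from the '[date | size | attr | C/M] (company) -- path' script lines."""
    paths = []
    for line in script.splitlines():
        match = SCRIPT_FILE_RE.match(line.strip())
        if match:
            paths.append(match.group(1).strip())
    return paths


def unconfirmed(script, entries):
    """Script file paths with no 'moved' or 'deleted' line (case-insensitive)."""
    done = {e.target.lower() for e in entries if e.outcome in ("moved", "deleted")}
    return [p for p in script_file_targets(script) if p.lower() not in done]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    print("recheck:", [e.target for e in needs_followup(parsed)])
    print("not confirmed:", unconfirmed(SAMPLE_SCRIPT, parsed))
```

A `not_found` line is counted separately rather than flagged, because it means the object was already absent when the fix ran.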

31.12.2010, 18:02   #7
dmw



I have uninstalled

SpyHunter
kikin plugin 2.3
AOL Toolbar 5.0
free-downloads.net Toolbar
QuickStores-Toolbar 1.2.0
Winload Toolbar

During the uninstall, SpyHunter and two or three of the toolbars tried to go online via Internet Explorer, which did not work because IE has not worked on my machine for a long time - in any case, they are gone from the list.
I did not find Google Update Helper in the list of installed programs.

The log after the 'fix':
Quote:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FlashGet deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98dc6db5-0463-11df-b81d-00247e1af4c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98dc6db5-0463-11df-b81d-00247e1af4c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98dc6db5-0463-11df-b81d-00247e1af4c8}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e22ff248-029a-11df-a059-00247e1af4c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e22ff248-029a-11df-a059-00247e1af4c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e22ff248-029a-11df-a059-00247e1af4c8}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e22ff268-029a-11df-a059-00247e1af4c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e22ff268-029a-11df-a059-00247e1af4c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e22ff268-029a-11df-a059-00247e1af4c8}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e22ff291-029a-11df-a059-00247e1af4c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e22ff291-029a-11df-a059-00247e1af4c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e22ff291-029a-11df-a059-00247e1af4c8}\ not found.
File G:\AutoRun.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\ProgramData\EvDdtiGBBuH.dll moved successfully.
C:\ProgramData\XeGX9TiRmJpg moved successfully.
C:\ProgramData\HrpDyspw moved successfully.
C:\ProgramData\~pVl0dQDWZyJkhaMd moved successfully.
C:\ProgramData\~pVl0dQDWZyJkhaMdr moved successfully.
C:\ProgramData\pVl0dQDWZyJkhaMd moved successfully.
C:\ProgramData\1H4GDTo4bpCl moved successfully.
C:\ProgramData\~1H4GDTo4bpCl moved successfully.
C:\ProgramData\~1H4GDTo4bpClr moved successfully.
C:\Users\dw\AppData\Roaming\inst.exe moved successfully.
ADS C:\Windows:2F274350E84658CA deleted successfully.
ADS C:\windows\System32\AUTOCHK.EXE:BAK deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anne
->Temp folder emptied: 2461134 bytes
->Temporary Internet Files folder emptied: 1020661 bytes
->Java cache emptied: 278178 bytes
->FireFox cache emptied: 99616157 bytes
->Flash cache emptied: 2100 bytes

User: d
->Temp folder emptied: 584512396 bytes
->Temporary Internet Files folder emptied: 12744357 bytes
->Java cache emptied: 1947370 bytes
->FireFox cache emptied: 58681627 bytes
->Opera cache emptied: 46381945 bytes
->Flash cache emptied: 1040162 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dw
->Temp folder emptied: 140349719 bytes
->Temporary Internet Files folder emptied: 120699446 bytes
->FireFox cache emptied: 66899004 bytes
->Opera cache emptied: 2941973 bytes
->Flash cache emptied: 4437 bytes

User: Gast
->Temp folder emptied: 52603 bytes
->Temporary Internet Files folder emptied: 183804 bytes
->FireFox cache emptied: 42191013 bytes
->Flash cache emptied: 405 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1090048 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 101909939 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1643909682 bytes

Total Files Cleaned = 2.794,00 mb



OTL by OldTimer - Version 3.2.18.2 log created on 12312010_171209

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File\Folder C:\windows\temp\ZLT00eb5.TMP not found!
File\Folder C:\windows\temp\ZLT00eb8.TMP not found!

Registry entries deleted on Reboot...
OTL scan:

OTL Logfile:
Code:
OTL logfile created on: 31.12.2010 17:42:01 - Run 2
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\dw\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 88,14 Gb Free Space | 30,60% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive E: | 471,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1021,00 Mb Total Space | 1018,73 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: DW-PC | User Name: dw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.31 01:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\dw\Downloads\OTL.exe
PRC - [2010.01.06 19:46:34 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.10.29 13:13:38 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.08.25 12:44:06 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.08.25 12:44:04 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.07 01:01:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.03.03 14:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2008.01.21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:32:56 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.16 16:56:50 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.31 01:22:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\dw\Downloads\OTL.exe
MOD - [2008.05.21 01:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2008.01.21 03:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.29 10:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.10.29 13:13:38 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.08.25 12:44:06 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.25 12:44:04 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.07 01:01:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.03.03 14:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ezplay.sys -- (ezplay)
DRV - [2010.12.21 21:10:32 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.08 14:42:42 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.25 12:44:07 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.07 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.17 18:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.05.08 13:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 07:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.04.11 15:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008.04.10 16:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.04.07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.04.07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.27 20:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.03.03 14:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.01 10:41:58 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008.02.01 10:41:58 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008.02.01 10:41:58 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008.01.21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008.01.21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.01.21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.17 22:28:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.6.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.2.13
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.28 21:53:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.06 19:46:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.27 18:17:23 | 000,000,000 | ---D | M]
 
[2009.09.14 15:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dw\AppData\Roaming\mozilla\Extensions
[2010.12.31 17:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions
[2010.03.23 21:08:38 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.12.31 02:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.03.17 12:04:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.21 22:01:14 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2010.03.17 12:04:08 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.03.17 12:04:13 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\smarterwiki@wikiatic.com
[2010.03.23 21:08:29 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de
[2010.01.20 12:16:28 | 000,000,939 | ---- | M] () -- C:\Users\dw\AppData\Roaming\Mozilla\FireFox\Profiles\r64qf5o8.default\searchplugins\conduit.xml
[2010.12.09 14:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.28 21:53:02 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009.08.24 20:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.30 10:13:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.06.23 07:56:14 | 000,000,075 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.31 17:23:09 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\HPAppData
[2010.12.31 17:12:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.30 10:13:01 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.12.30 10:11:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.12.30 10:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.12.30 09:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.12.27 18:17:13 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.12.27 18:17:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.12.27 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.12.27 18:09:26 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2010.12.27 18:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.12.27 16:35:24 | 000,273,256 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\System32\HPDiscoPM5312.dll
[2010.12.27 16:28:15 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Local\HP
[2010.12.26 13:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.12.24 17:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.12.24 16:54:04 | 000,094,208 | ---- | C] (VSO Software) -- C:\windows\System32\drivers\ezplay.sys
[2010.12.24 16:54:04 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\dw\AppData\Roaming\ezplay.sys
[2010.12.24 16:54:04 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\Vso
[2010.12.24 16:53:34 | 000,000,000 | ---D | C] -- C:\Programme\VSO
[2010.12.23 22:50:50 | 000,000,000 | ---D | C] -- C:\aspi
[2010.12.23 22:46:45 | 000,000,000 | ---D | C] -- C:\adaptec
[2010.12.23 19:05:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\click2learn
[2010.12.22 11:50:27 | 000,000,000 | ---D | C] -- C:\Programme\Messer
[2010.12.21 22:09:18 | 000,000,000 | ---D | C] -- C:\Klett
[2010.12.21 22:09:00 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\windows\IsUn0407.exe
[2010.12.21 22:03:09 | 000,000,000 | ---D | C] -- C:\Users\dw\Documents\Alcohol 120%
[2010.12.21 21:56:54 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft
[2010.12.21 13:13:15 | 000,000,000 | ---D | C] -- C:\Programme\A-Ray Scanner
[2010.12.09 11:51:10 | 000,000,000 | ---D | C] -- C:\Programme\SlySoft
[2010.12.07 20:00:55 | 000,000,000 | ---D | C] -- C:\Programme\Audiograbber
[2010.12.07 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\EAC
[2010.12.07 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\dw\AppData\Roaming\AccurateRip
[2010.12.07 19:25:11 | 000,000,000 | ---D | C] -- C:\Programme\Exact Audio Copy
[2010.10.03 14:11:32 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Programme\Common Files\keyhelp.ocx
[2009.08.25 08:34:45 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009.08.25 08:34:44 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.31 17:25:57 | 000,640,404 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.12.31 17:25:56 | 000,681,402 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.12.31 17:25:56 | 000,148,846 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.12.31 17:25:56 | 000,122,288 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.12.31 17:21:50 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.31 17:20:31 | 000,352,615 | -H-- | M] () -- C:\windows\System32\drivers\vsconfig.xml
[2010.12.31 17:20:20 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2010.12.31 17:20:18 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2010.12.31 17:19:50 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.31 17:19:50 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.31 17:19:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.12.31 17:19:41 | 3216,261,120 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.31 17:18:22 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010.12.31 17:03:14 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.31 00:20:34 | 000,027,648 | ---- | M] () -- C:\Users\dw\Documents\Malwarebytes.doc
[2010.12.31 00:07:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 10:13:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.12.27 18:17:23 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010.12.27 18:02:21 | 000,000,640 | ---- | M] () -- C:\windows\tasks\hpwebreg_CN07BBM0V8.job
[2010.12.27 16:35:23 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) -- C:\windows\System32\drivers\ezplay.sys
[2010.12.24 16:59:00 | 000,094,208 | ---- | M] (VSO Software) -- C:\Users\dw\AppData\Roaming\ezplay.sys
[2010.12.24 16:59:00 | 000,007,861 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.cat
[2010.12.24 16:59:00 | 000,001,103 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.inf
[2010.12.24 16:59:00 | 000,000,125 | ---- | M] () -- C:\Users\dw\AppData\Roaming\ezplay.ini
[2010.12.24 16:58:52 | 000,000,809 | ---- | M] () -- C:\Users\dw\Desktop\BlindWrite 6.lnk
[2010.12.23 23:29:08 | 000,000,124 | ---- | M] () -- C:\Users\dw\Documents\ax_files.xml
[2010.12.21 22:01:29 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010.12.21 21:10:32 | 000,436,792 | ---- | M] () -- C:\windows\System32\drivers\sptd.sys
[2010.12.21 13:15:36 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.12.21 13:13:15 | 000,000,820 | ---- | M] () -- C:\Users\dw\Desktop\A-Ray Scanner.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.12.18 07:31:56 | 348,027,293 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010.12.09 11:51:12 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010.12.07 20:00:56 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2010.12.07 19:25:13 | 000,000,867 | ---- | M] () -- C:\Users\dw\Desktop\Exact Audio Copy.lnk
 
========== Files Created - No Company Name ==========
 
[2010.12.31 00:20:32 | 000,027,648 | ---- | C] () -- C:\Users\dw\Documents\Malwarebytes.doc
[2010.12.30 10:13:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.12.27 18:17:23 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010.12.27 17:34:05 | 000,000,640 | ---- | C] () -- C:\windows\tasks\hpwebreg_CN07BBM0V8.job
[2010.12.27 16:35:23 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2010.12.27 16:35:23 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2010.12.24 16:54:21 | 000,000,034 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.log
[2010.12.24 16:54:04 | 000,007,861 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.cat
[2010.12.24 16:54:04 | 000,001,103 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.inf
[2010.12.24 16:54:04 | 000,000,125 | ---- | C] () -- C:\Users\dw\AppData\Roaming\ezplay.ini
[2010.12.24 16:53:45 | 000,000,809 | ---- | C] () -- C:\Users\dw\Desktop\BlindWrite 6.lnk
[2010.12.21 22:07:53 | 000,000,124 | ---- | C] () -- C:\Users\dw\Documents\ax_files.xml
[2010.12.21 21:57:02 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010.12.21 21:10:32 | 000,436,792 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010.12.21 13:13:15 | 000,000,820 | ---- | C] () -- C:\Users\dw\Desktop\A-Ray Scanner.lnk
[2010.12.09 11:55:14 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.09 11:51:12 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010.12.07 20:00:56 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2010.12.07 19:25:13 | 000,000,867 | ---- | C] () -- C:\Users\dw\Desktop\Exact Audio Copy.lnk
[2010.04.03 15:21:47 | 000,000,001 | ---- | C] () -- C:\windows\System32\uuddc32.dll
[2010.03.22 16:16:55 | 000,003,584 | ---- | C] () -- C:\Users\dw\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.11 22:20:37 | 000,004,865 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010.03.11 17:50:49 | 000,063,393 | ---- | C] () -- C:\Programme\hminstalllog.txt
[2010.02.19 09:53:15 | 000,001,553 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.02.01 13:00:09 | 000,663,552 | ---- | C] () -- C:\windows\System32\Tx12.dll
[2010.02.01 13:00:09 | 000,000,530 | ---- | C] () -- C:\windows\System32\tx12_ic.ini
[2009.11.04 01:07:07 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Roaming\AVSDVDPlayer.m3u
[2009.11.04 00:56:47 | 000,524,288 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009.11.04 00:56:47 | 000,139,264 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009.09.29 19:51:59 | 000,000,090 | ---- | C] () -- C:\Users\dw\AppData\Local\fusioncache.dat
[2009.09.29 19:51:47 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2009.08.26 16:57:48 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\QSwitch.txt
[2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\DSwitch.txt
[2009.08.25 08:42:40 | 000,000,000 | ---- | C] () -- C:\Users\dw\AppData\Local\AtStart.txt
[2009.08.25 08:34:45 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009.08.25 08:34:45 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009.08.25 08:34:45 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008.06.17 05:07:59 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008.06.17 05:07:59 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008.06.17 05:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008.06.17 05:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008.06.17 05:07:59 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008.06.17 05:07:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008.06.17 04:49:59 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008.05.14 01:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008.05.08 10:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008.04.17 17:29:08 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2009.10.18 14:50:26 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\BITS
[2010.06.22 19:08:44 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\ChessBase
[2009.09.26 22:20:08 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\DonationCoder
[2010.12.07 19:25:24 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\EAC
[2009.09.26 10:22:50 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Engelmann Media
[2010.02.28 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\FreeFLVConverter
[2009.09.16 13:56:32 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\InterVideo
[2010.01.08 21:22:06 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Notepad++
[2009.08.31 09:24:06 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Opera
[2010.09.07 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\SparweltGutschein
[2010.03.13 19:57:27 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\uTorrent
[2010.12.24 17:00:09 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\Vso
[2010.12.31 17:18:23 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


And:

OTL Logfile:
Code:
OTL Extras logfile created on: 31.12.2010 17:42:01 - Run 2
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\dw\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 88,14 Gb Free Space | 30,60% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive E: | 471,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1021,00 Mb Total Space | 1018,73 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: DW-PC | User Name: dw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39250603-7F04-4869-B336-04A9028DD866}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{4EFD917D-0DE9-414E-9E28-630E83015E9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B4163651-1E25-463F-A5AB-915674FACE0C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026BD00D-5936-4FE5-AA1E-CD8E0E54CBED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0AD7BC5C-352A-4557-983E-CE25B41FA3AB}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{1BD01C0D-E278-4589-8EAA-770CB6837889}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{208FA400-BCF0-4C0A-83FE-78E748BF8950}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{27BC4B53-7FE7-4A95-B4D0-95C4C92B3214}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3A3155C4-8ED2-491E-99EB-CD8C6FFC6BE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{3B20AF4D-AE4A-428E-BA5A-1B759CB19EB1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{43D1CA1E-2D72-4F36-9A17-BB55020AD8D4}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{4F47FC29-6D6C-4998-AC4E-72E79FE689B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{593BD3D2-D8DC-4E3E-A10A-ABBF0AC1E988}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{6E7F7097-2856-4E21-AF90-B594D6DB539B}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{73F81C72-4CBF-4674-B245-F6A8E9FD82B9}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{81A4233A-62DD-4BC5-A837-849F13AE08B2}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{89BFE268-0855-476F-B535-4FE0AA90DB0D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{8AE44CE0-F2B3-4AF8-8274-809F92AC65DC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{AC48C4A1-AC1D-4DC4-AD1C-21AF4E6D3422}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{BC1BE14B-6C33-49F2-9CDE-4BBA10DCB4A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BD6F265D-503B-430F-83B1-66E3FDB00D5D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{D03D9D54-599E-471B-87BE-E9053BE749E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{D2632666-2A94-4AD4-8371-05E746B31648}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{DC320CD3-31E1-480A-8976-F3D268481192}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{DE890099-40D1-4531-83DC-AF5D2935C49D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EB22A9A0-7FEC-4C28-83E0-973ACF05E29C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{06CB77AB-CDE1-EF6B-175D-85FA59C7F0EE}" = Catalyst Control Center Core Implementation
"{07D78C7B-2AA8-5C02-4238-EE3F39279221}" = Catalyst Control Center Localization Thai
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AF9C2B7-2E98-8D77-3892-F8512305C6CE}" = CCC Help Turkish
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Hilfe
"{140BAED1-23A8-401F-A722-8BFB0F0E0FAB}" = Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{164280AB-98C2-FD02-EC0B-5DFBB98E89C1}" = Catalyst Control Center Localization Chinese Standard
"{173317B8-D99E-F58E-CAAE-924D8F26C435}" = CCC Help Czech
"{1779522E-BFC6-738C-E97E-39405E196FA6}" = Catalyst Control Center Localization Spanish
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{1DB44CB7-D68E-9F09-D656-0FBC7D4D9C00}" = Catalyst Control Center Localization Norwegian
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FD3DF19-EF58-2A29-222B-A4B6E237D3DD}" = Catalyst Control Center Graphics Previews Vista
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EC294E6-2E8C-23A7-C174-4E59532B0E06}" = Catalyst Control Center Localization Korean
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{311BF3BF-6AAB-7859-1E5A-EB46644A6011}" = CCC Help French
"{32063923-8066-18D5-BF07-2B692547AEF5}" = CCC Help Korean
"{323C15C3-6DE1-05E6-B202-6F1D90BB1B06}" = Catalyst Control Center Localization Turkish
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{345D8E42-E1E4-4006-81EB-2C5C0C8F8608}" = SyberiaDemo
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3848DCD1-E356-ACB9-93AF-FB93485E1598}" = CCC Help Thai
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3A76F96A-637B-9A0E-F65B-AE595A49DEDA}" = ccc-core-static
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FCFB6B6-B5DE-C5B8-825F-5998C220C24E}" = Catalyst Control Center Localization Russian
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{45BA0F82-FC61-828B-A188-49A24B7B39F4}" = Catalyst Control Center Localization Swedish
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4ADB08ED-A385-21BA-3511-00EB170C9CCA}" = Catalyst Control Center Localization Greek
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{500CAC18-1509-AC6C-3E91-A437F9457D5E}" = CCC Help Japanese
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{5B5494F7-FD30-AFAB-ACD5-345F26B6AAF4}" = Catalyst Control Center Graphics Full Existing
"{5BF2EC0B-2A01-DDEA-5645-E700BCE9CDA6}" = CCC Help Spanish
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EF644FA-3703-3253-7372-AE46FD862588}" = ccc-utility
"{63BABF5E-B142-02F9-85E1-F0A1DBEC6D5D}" = Catalyst Control Center Localization Chinese Traditional
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{647ED1EC-1D53-9886-B5A1-234CE9D7BE3F}" = Catalyst Control Center Localization Danish
"{64F561F5-17B7-0721-8D08-78777BB91382}" = CCC Help Italian
"{65E63D8F-F763-940E-38FA-1A6B2C30ADB2}" = Catalyst Control Center Graphics Light
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F98BA-338E-49a1-9D79-D786A83E6621}" = HP Officejet Pro 8000 A809 Series
"{6B4591DF-C531-255E-BDE6-25226A5AE115}" = Skins
"{6C4592F5-A803-1740-A708-84F3578DC083}" = Catalyst Control Center Localization German
"{6DF8EB4D-F5E5-369C-38B2-4F7CD0F02AC3}" = Catalyst Control Center Localization Italian
"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8BEA3254-8719-4815-9312-69AF21B8D779}" = CCC Help Chinese Traditional
"{8BF85A3B-C2EE-2A32-DF54-B565062FBEC9}" = Catalyst Control Center Localization Japanese
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD39028-8B90-88D8-781A-AB82A9AE6662}" = CCC Help English
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91B26C13-34A4-36FA-E1F0-22664915EED1}" = Catalyst Control Center Localization Dutch
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{968933D6-A9FC-891C-6292-F7E68DB2C7EA}" = CCC Help Finnish
"{96DB55D1-E21F-126C-1ADD-35EAAC852C7C}" = Catalyst Control Center Localization Finnish
"{988B865E-CC06-7B3D-FBC0-52093DB75C9A}" = CCC Help Dutch
"{997F39AA-6CDC-2E23-F9C3-D59AACABAB8F}" = Catalyst Control Center Localization French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0704448-6681-607E-D97F-A148C2E2F763}" = CCC Help Danish
"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{BABEDC2E-5718-1D6D-9E76-93C7EC76BBC4}" = CCC Help Greek
"{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}" = ESU for Microsoft Vista SP1
"{BD5DE09E-3C1C-1DCE-E98D-7B7BBDBE15AD}" = CCC Help Portuguese
"{BFCBCC48-9027-17B7-BD08-5214898494CC}" = CCC Help German
"{C3036710-8564-ECEA-0E19-1B7880111167}" = CCC Help Swedish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7D03B2F-5B3A-A6D8-1C6C-AFCA02DDD3EC}" = Catalyst Control Center Localization Czech
"{C8A33E2B-5DDB-BF2E-24A9-95DFA1CDF56D}" = Catalyst Control Center Localization Polish
"{CA144572-CEAD-5A14-A338-D28B35D9C7FF}" = Catalyst Control Center Localization Hungarian
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{CE3020D2-1742-19F4-EFB4-4D76097C81D0}" = Catalyst Control Center Localization Portuguese
"{CF755AAE-7801-359C-E9D3-FE8572F8C760}" = Catalyst Control Center Graphics Full New
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DC04644B-C7B3-AF77-610C-7F0AF59AC44D}" = ATI Catalyst Install Manager
"{DE80F89F-6132-42A9-1A47-542F6C60E1A2}" = CCC Help Russian
"{DEB23231-0851-4E3E-A2DB-EED8A40B0883}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E979B690-80A7-8E8B-1281-C68DBEDDB491}" = CCC Help Norwegian
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F23DFEB2-A5D1-3B97-FBF3-30DC859411C0}" = CCC Help Hungarian
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe
"{FBE38124-B7F0-3EEE-98C5-D8C3AE353FF5}" = CCC Help Chinese Standard
"{FD9FAE60-2BF1-C877-9843-AABA9DA06A2B}" = CCC Help Polish
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"A-Ray Scanner" = A-Ray Scanner 2.0.2.3
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.30
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Disc Creator_is1" = AVS Disc Creator version 4.1
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.3.0
"Betfair Poker_is1" = Betfair Poker
"Cavern Escape_is1" = Cavern Escape 1.001
"Clever & Smart - A Movie Adventure" = Clever & Smart - A Movie Adventure
"CloneCD" = CloneCD
"Découvertes 2 - SESAM" = Découvertes 2 - SESAM
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Everest Poker" = Everest Poker (Remove Only)
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"exPressit S.E. 3.0" = exPressit S.E. 3.0
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Google Chrome" = Google Chrome
"HoldemManager" = Holdem Manager
"hotpot_is1" = HotPotatoes v 6.3.0.4
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Jagged Alliance 2" = Jagged Alliance 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messer_is1" = Messer v0.992
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Notepad++" = Notepad++
"PDF Complete" = PDF Complete
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"Projekt W_is1" = Projekt W - Phase 1 (1.2)
"RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 2.01
"Scid_is1" = Scid 4.2.2
"Sesam Découvertes 2" = Sesam Découvertes 2 deinstallieren
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnderCoverXP_is1" = UnderCoverXP 1.23
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WINZD_is1" = WINZD 2010-04
"XMedia Recode" = XMedia Recode 2.1.8.4
"YouTube FLV to AVI Converter Pro_is1" = YouTube FLV to AVI Converter Pro 2.3.0
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.12.2010 08:51:36 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 31.12.2010 09:00:59 | Computer Name = dw-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AsGHost.exe, Version 3.0.0.61, Zeitstempel 0x4833c92a,
 fehlerhaftes Modul ItSSO.dll, Version 3.0.0.464, Zeitstempel 0x4833c998, Ausnahmecode
 0xc0000005, Fehleroffset 0x0001f29a,  Prozess-ID 0x1b34, Anwendungsstartzeit 01cba88b5c0114bc.
 
Error - 31.12.2010 09:03:13 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 31.12.2010 10:22:45 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 31.12.2010 11:54:10 | Computer Name = dw-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18000 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 3498  Anfangszeit: 01cba902e18dea50  Zeitpunkt
 der Beendigung: 16
 
Error - 31.12.2010 12:03:13 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 31.12.2010 12:20:20 | Computer Name = dw-PC | Source = PostgreSQL | ID = 0
Description = 2010-12-31 17:20:20 CETFATAL:  the database system is starting up 
 
Error - 31.12.2010 12:20:49 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
Error - 31.12.2010 12:21:02 | Computer Name = dw-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.12.2010 12:34:06 | Computer Name = dw-PC | Source = Google Update | ID = 20
Description = 
 
[ Credential Manager Events ]
Error - 08.10.2010 09:42:07 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 08.10.2010 09:42:07 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 11.10.2010 06:19:55 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 11.10.2010 06:19:55 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 11.10.2010 15:35:01 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 11.10.2010 15:35:01 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 15.10.2010 11:43:09 | Computer Name = dw-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   Benutzer:
 d@dw-PC   Client-GUID: {Password}   Fehler: 0xC516020B   Client-Host: localhost   Client-Adresse:
 127.0.0.1   Authentifizierungsstelle: HP   Server-Host: localhost   Protokoll: HTTP
 
Error - 15.10.2010 11:43:09 | Computer Name = dw-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: d@dw-PC Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 22.11.2009 18:30:32 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:30:36 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:30:40 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:13 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:16 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:20 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 18:35:24 | Computer Name = dw-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.11.2009 19:52:12 | Computer Name = dw-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.11.2009 19:52:37 | Computer Name = dw-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 22.11.2009 19:53:19 | Computer Name = dw-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


Since I switched the computer on this afternoon, Avira has raised the alarm several times, reporting 'TR/FakeSysdef.A.53' [trojan]. The first few times I left the default 'Deny access' ('Zugriff verweigern') selected; the last time I clicked 'Move to quarantine' ('in Quarantäne verschieben'), and since then things seem to have been quiet.

31.12.2010, 18:55   #8
rea
/// Helper team
 



Quote:
Since I switched the computer on this afternoon, Avira has raised the alarm several times, reporting 'TR/FakeSysdef.A.53' [trojan]. The first few times I left the default 'Deny access' ('Zugriff verweigern') selected; the last time I clicked 'Move to quarantine' ('in Quarantäne verschieben'), and since then things seem to have been quiet.
Then please also do the following:


Avira AntiVir - what was found?

So that we can take a close look at what your antivirus program found, please proceed as follows:
  • Start Avira AntiVir
  • On the Overview (Übersicht) tab, click Events (Ereignisse)
  • There, please check that All (Alle) is ticked at the top and that under Filter only the Detection (Fund) box is ticked; please leave the others unticked.
  • Select all detections (if there are any)
  • Click the round arrow at the top (Export selected events / Ausgewählte Ereignisse exportieren)
  • Save under the suggested name and post the contents of this .txt file here as well.

We'll continue in the new year
__________________
Regards, rea


31.12.2010, 19:04   #9
dmw
 



Here's Avira as well:

Quote:
Exportierte Ereignisse:

31.12.2010 17:27 [Guard] Malware gefunden
In der Datei 'C:\_OTL\MovedFiles\12312010_171209\C_ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Datei in Quarantäne verschieben

31.12.2010 17:26 [Guard] Malware gefunden
In der Datei 'C:\_OTL\MovedFiles\12312010_171209\C_ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben

31.12.2010 17:25 [Guard] Malware gefunden
In der Datei 'C:\_OTL\MovedFiles\12312010_171209\C_ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.12.2010 17:25 [Guard] Malware gefunden
In der Datei 'C:\_OTL\MovedFiles\12312010_171209\C_ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.12.2010 17:14 [Guard] Malware gefunden
In der Datei 'C:\_OTL\MovedFiles\12312010_171209\C_ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.12.2010 17:12 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.12.2010 17:12 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.12.2010 15:12 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.12.2010 14:20 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.12.2010 14:19 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.12.2010 14:12 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

30.12.2010 16:22 [Scanner] Malware gefunden
Die Datei
'C:\Users\d\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7aead900-2e9ec488'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/OpenConnect.CF' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d81a425.qua'
verschoben!
See you next year then, many thanks and a happy New Year!
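As an added example (not part of the thread and not code from Avira or OTL), this Python parser reads the exported event text from the post above and groups the detections by original file, which makes visible that the later hits are on the copy OTL had already moved to C:\_OTL\MovedFiles. The MovedFiles path layout is an assumption inferred from the two paths in the export, and all function and field names are hypothetical.

```python
import re
from datetime import datetime

# Excerpt of the exported Avira events from the post above (some repeats omitted).
SAMPLE_EXPORT = r"""
31.12.2010 17:27 [Guard] Malware gefunden
In der Datei 'C:\_OTL\MovedFiles\12312010_171209\C_ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Datei in Quarantäne verschieben

31.12.2010 17:26 [Guard] Malware gefunden
In der Datei 'C:\_OTL\MovedFiles\12312010_171209\C_ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben

31.12.2010 17:12 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

31.12.2010 14:12 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\EvDdtiGBBuH.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeSysdef.A.53' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

30.12.2010 16:22 [Scanner] Malware gefunden
Die Datei
'C:\Users\d\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7aead900-2e9ec488'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/OpenConnect.CF' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d81a425.qua'
verschoben!
"""

HEADER = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) \[(\w+)\] Malware gefunden\s*$", re.M)
QUOTED = re.compile(r"'([^']+)'")
DETECTION = re.compile(r"'([^']+)' \[(\w+)\]")
# Assumption, inferred from the two paths in the export: OTL stores a moved file
# as C:\_OTL\MovedFiles\<MMDDYYYY_HHMMSS>\<drive>_<rest of original path>.
OTL_MOVED = re.compile(r"^C:\\_OTL\\MovedFiles\\\d{8}_\d{6}\\([A-Za-z])_(.+)$", re.I)


def parse_events(text):
    """Split the export into detection records (Guard and Scanner layouts)."""
    events, heads = [], list(HEADER.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[head.end():end]
        path, det = QUOTED.search(body), DETECTION.search(body)
        if not (path and det):
            continue  # entry without a file/detection pair, skip it
        # Guard: "... Aktion: <action>"; Scanner: "... Aktion(en):" + next lines
        parts = re.split(r"Aktion(?:\(en\))?:", body, maxsplit=1)
        moved = OTL_MOVED.match(path.group(1))
        events.append({
            "time": datetime.strptime(head.group(1), "%d.%m.%Y %H:%M"),
            "component": head.group(2),
            "path": path.group(1),
            # Map a copy in OTL's MovedFiles folder back to where it came from.
            "origin": f"{moved.group(1)}:\\{moved.group(2)}" if moved else path.group(1),
            "in_otl_store": bool(moved),
            "detection": det.group(1),
            "action": " ".join(parts[1].split()) if len(parts) == 2 else "",
        })
    return events


def triage(events):
    """Per original file: hit count, time span, and the state after the last event."""
    files = {}
    # The export is newest-first; reverse, then stable-sort so ties keep file order.
    for ev in sorted(reversed(events), key=lambda e: e["time"]):
        f = files.setdefault(ev["origin"].lower(), {
            "hits": 0, "first_seen": ev["time"], "detections": set(),
            "moved_by_otl": False, "allowed_at": []})
        f["hits"] += 1
        f["last_seen"] = ev["time"]
        f["detections"].add(ev["detection"])
        f["moved_by_otl"] |= ev["in_otl_store"]
        if "erlauben" in ev["action"]:
            f["allowed_at"].append(ev["time"])  # access was let through here
        # ASCII stem matches "Quarantäne" and "Quarantäneverzeichnis"
        f["state"] = ("quarantined" if "Quarant" in ev["action"]
                      else "allowed" if "erlauben" in ev["action"] else "blocked only")
    return files


if __name__ == "__main__":
    for name, info in triage(parse_events(SAMPLE_EXPORT)).items():
        print(name, info["hits"], info["state"], "moved by OTL:", info["moved_by_otl"])
```

On this excerpt the DLL collapses to one file with four hits that ends quarantined, with one access let through at 17:26 on the copy in OTL's folder.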

01.01.2011, 14:43   #10
rea
/// Helper team
 



Okay, OTL has already taken care of those detections



1.) Fixing with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator" ("als Administrator starten")
  • Now copy the contents of the following code box into the Custom Scans/Fixes (Benutzerdefinierte Scans/Fixes) text box.


    Code:
    ATTFilter
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
    FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"
    FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.6.0
    FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.2.13
    FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q="
    [2010.03.23 21:08:38 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
    [2010.12.31 02:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
    [2010.12.21 22:01:14 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
    [2010.03.23 21:08:29 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de
    [2010.01.20 12:16:28 | 000,000,939 | ---- | M] () -- C:\Users\dw\AppData\Roaming\Mozilla\FireFox\Profiles\r64qf5o8.default\searchplugins\conduit.xml
    O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
    [2010.12.30 10:13:01 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
    [2010.12.30 10:11:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
    [2010.09.07 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\dw\AppData\Roaming\SparweltGutschein
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
             
  • Now please close all programs.
  • Now please click the Fix button.
  • Click OK.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here, inside code tags.





2.) Check settings
Make sure that all folders and files are displayed on your system:
  • Start Windows Explorer (right-click Start -> Explorer)
  • => Tools
  • => Folder Options
  • => View
  • Change the following settings:
    • Uncheck "Hide extensions for known file types"
    • Uncheck "Hide protected operating system files"
    • Check "Display the contents of system folders"
    • Under "Hidden files and folders", select "Show all files and folders"





3.) File check on VirusTotal
Visit VirusTotal.
Browse for the following file there and upload it using the "Send file" button.
Code:
C:\ProgramData\bltofzsb.qlf

The check can take a few minutes in each case. If the file has already been checked by other users, have it checked again. Post the results, with header and everything, in code tags here in the thread.
If a file cannot be found, please let me know.





Did you add everestpoker.com to the Trusted Sites?
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)





In your next reply, please post:
  • The log file from the OTL fix (step 1)
  • The result of the file check on VirusTotal (step 3)
__________________
Regards, rea


01.01.2011, 15:31   #11
dmw

Step 1:

Quote:
All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "free-downloads.net Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "free-downloads.net Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.5.6.0 removed from extensions.enabledItems
Prefs.js: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.2.13 removed from extensions.enabledItems
Prefs.js: sparweltgutscheinewl@sparwelt.de:1.0 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=" removed from keyword.URL
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\searchplugin folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\META-INF folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\lib folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\defaults folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\searchplugin folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\META-INF folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\lib folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\defaults folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\chrome folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\preferences\.svn\tmp folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\preferences\.svn\text-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\preferences\.svn\props folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\preferences\.svn folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\preferences folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\.svn\tmp\text-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\.svn\tmp\props folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\.svn\tmp folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\.svn\text-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\.svn\props folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\.svn\prop-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults\.svn folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\defaults folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\skin\.svn\tmp\text-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\skin\.svn\tmp\props folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\skin\.svn\tmp\prop-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\skin\.svn\tmp folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\skin\.svn\text-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\skin\.svn\props folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\skin\.svn\prop-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\skin\.svn folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\skin folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\content\.svn\tmp\text-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\content\.svn\tmp\props folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\content\.svn\tmp\prop-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\content\.svn\tmp folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\content\.svn\text-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\content\.svn\props folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\content\.svn\prop-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\content\.svn folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\content folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\.svn\tmp\text-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\.svn\tmp\props folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\.svn\tmp\prop-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\.svn\tmp folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\.svn\text-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\.svn\props folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\.svn\prop-base folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome\.svn folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de\chrome folder moved successfully.
C:\Users\dw\AppData\Roaming\mozilla\Firefox\Profiles\r64qf5o8.default\extensions\sparweltgutscheinewl@sparwelt.de folder moved successfully.
File C:\Users\dw\AppData\Roaming\Mozilla\FireFox\Profiles\r64qf5o8.default\searchplugins\conduit.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
C:\Programme\Enigma Software Group\SpyHunter\mon folder moved successfully.
C:\Programme\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Programme\Enigma Software Group\SpyHunter\Downloads folder moved successfully.
C:\Programme\Enigma Software Group\SpyHunter\Defs folder moved successfully.
C:\Programme\Enigma Software Group\SpyHunter\Data folder moved successfully.
C:\Programme\Enigma Software Group\SpyHunter folder moved successfully.
Folder move failed. C:\Programme\Enigma Software Group scheduled to be moved on reboot.
C:\Programme\Common Files\Wise Installation Wizard folder moved successfully.
C:\Users\dw\AppData\Roaming\SparweltGutschein folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: d
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dw
->Temp folder emptied: 11432 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 76441603 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 615 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58796 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1742 bytes

Total Files Cleaned = 73,00 mb



OTL by OldTimer - Version 3.2.18.2 log created on 01012011_145643

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Enigma Software Group scheduled to be moved on reboot.
File\Folder C:\windows\temp\ZLT07666.TMP not found!
File\Folder C:\windows\temp\ZLT0766a.TMP not found!

Registry entries deleted on Reboot...
Step 2: done, EXCEPT 'Display the contents of system folders' - I can't find that.

Step 3:

Quote:
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
bltofzsb.qlf
Submission date:
2011-01-01 14:25:44 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 43 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2011.01.01.00 2010.12.31 -
AntiVir 7.11.0.247 2010.12.31 -
Antiy-AVL 2.0.3.7 2011.01.01 -
Avast 4.8.1351.0 2011.01.01 -
Avast5 5.0.677.0 2011.01.01 -
AVG 9.0.0.851 2011.01.01 -
BitDefender 7.2 2011.01.01 -
CAT-QuickHeal 11.00 2011.01.01 -
ClamAV 0.96.4.0 2011.01.01 -
Command 5.2.11.5 2011.01.01 -
Comodo 7261 2011.01.01 -
DrWeb 5.0.2.03300 2011.01.01 -
Emsisoft 5.1.0.1 2011.01.01 -
eSafe 7.0.17.0 2010.12.30 -
eTrust-Vet 36.1.8074 2010.12.31 -
F-Prot 4.6.2.117 2010.12.31 -
F-Secure 9.0.16160.0 2011.01.01 -
Fortinet 4.2.254.0 2011.01.01 -
GData 21 2011.01.01 -
Ikarus T3.1.1.90.0 2011.01.01 -
Jiangmin 13.0.900 2011.01.01 -
K7AntiVirus 9.75.3406 2010.12.31 -
Kaspersky 7.0.0.125 2011.01.01 -
McAfee 5.400.0.1158 2011.01.01 -
McAfee-GW-Edition 2010.1C 2011.01.01 -
Microsoft 1.6402 2011.01.01 -
NOD32 5751 2011.01.01 -
Norman 6.06.12 2011.01.01 -
nProtect 2011-01-01.01 2011.01.01 -
Panda 10.0.2.7 2010.12.31 -
PCTools 7.0.3.5 2011.01.01 -
Prevx 3.0 2011.01.01 -
Rising 22.80.04.04 2010.12.31 -
Sophos 4.60.0 2011.01.01 -
SUPERAntiSpyware 4.40.0.1006 2011.01.01 -
Symantec 20101.3.0.103 2011.01.01 -
TheHacker 6.7.0.1.109 2010.12.30 -
TrendMicro 9.120.0.1004 2011.01.01 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.01 -
VBA32 3.12.14.2 2010.12.30 -
VIPRE 7909 2011.01.01 -
ViRobot 2010.12.31.4232 2011.01.01 -
VirusBuster 13.6.121.0 2010.12.30 -
Additional information
Show all
MD5 : 66a656b55dc8c7ca3cb451fe515509dd
SHA1 : 33569e38289e6e6b0d7bf68d16b6ac4ffde8e608
SHA256: 35a16382e9b5d5c7ece2cb02dab51c67051733e5fded43253845db2751031777
ssdeep: 96:LDV9QSqjJ+/0a3izGLnMsjNiWK8VKeRQ0KPjimtdLtjGQLu/bXwgUQUPS1lWdzGP:Lk1L2ic
nMsjAWK8VKeRQxPjioLtKQLuv
File size : 4865 bytes
First seen: 2010-12-30 11:09:14
Last seen : 2011-01-01 14:25:44
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


Regarding everest.com: yes, although everest has not worked for a long time; I could delete it as well.

Regards,
dmw
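
For reading a fix log like the one in the post above, here is an added example (not part of the thread and not OTL's own code): a short Python script that sorts the log lines into completed, not-found and deferred-to-reboot items, so the entries worth rechecking after the restart stand out. The sample lines are constructed from message shapes visible in the log; the function and category names are hypothetical.

```python
import re

# Constructed sample: a few lines in the same shape as the fix log posted above.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
Prefs.js: sparweltgutscheinewl@sparwelt.de:1.0 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Folder move failed. C:\Programme\Enigma Software Group scheduled to be moved on reboot.
C:\Users\dw\AppData\Roaming\SparweltGutschein folder moved successfully.
========== COMMANDS ==========
->Temp folder emptied: 11432 bytes
Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Enigma Software Group scheduled to be moved on reboot.
File\Folder C:\windows\temp\ZLT07666.TMP not found!
"""

# Section banners such as "========== OTL ==========" carry no result.
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# Pulls the target path out of a deferred-move message.
DEFERRED_PATH = re.compile(
    r"move failed\.\s+(.+?)\s+scheduled to be moved on reboot"
)

# Order matters: a deferred move must never be counted as a success.
RULES = [
    ("deferred", re.compile(r"\bmove failed\b|scheduled to be moved on reboot")),
    ("not_found", re.compile(r"\bnot found[.!]?$")),
    ("done", re.compile(r"\bsuccessfully\b|\bremoved from\b")),
]


def classify(line):
    """Return the outcome category for one log line."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "other"


def summarize(log_text):
    """Group all non-empty, non-banner lines of a fix log by outcome."""
    summary = {"done": [], "not_found": [], "deferred": [], "other": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or SECTION.match(line):
            continue
        summary[classify(line)].append(line)
    return summary


def deferred_paths(summary):
    """Unique paths whose removal was postponed to the next reboot.

    The log repeats a deferred item in its reboot section, so the
    paths are de-duplicated while keeping their first-seen order.
    """
    paths = []
    for line in summary["deferred"]:
        match = DEFERRED_PATH.search(line)
        if match and match.group(1) not in paths:
            paths.append(match.group(1))
    return paths


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for category in ("done", "not_found", "deferred", "other"):
        print(f"{category:10} {len(result[category])}")
    print("Recheck after reboot:")
    for path in deferred_paths(result):
        print("  ", path)
    print("Reported as not found:")
    for line in result["not_found"]:
        print("  ", line)
```
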

01.01.2011, 15:46   #12
rea
/// Helper Team

A small note: You often put the log files in quote tags rather than code tags. It is clearest if you put all of them in code tags: before the log you write [Code] and after the log [/Code]. The whole thing then looks like this:
Code:
Text of the log file
         


1.) Reset the Trusted zone
Download Trusted_Zonefix.zip.
  • Extract it to the desktop.
  • Close all other applications, because the PC will be restarted automatically.
  • Open the Trusted_Zonefix folder,
  • double-click Trusted_Zonefix.bat,
  • press the 1 key => Enter and
  • follow the instructions on the screen.





2.) Malwarebytes Antimalware

  • Start Malwarebytes Antimalware.
  • Remember to start the program as admin on Vista and Win 7; otherwise start it with a double-click.
  • Let it update online (Update tab) if that does not happen automatically.
  • Select "Perform full scan" => Scan.
  • Select all available drives and start the scan.
  • When the scan has finished, click "Show results".
  • Make sure that all finds are selected.
  • Attention: For any finds made in the folder "C:\System Volume Information", please remove the check mark; they should remain for now and cannot do any harm.
  • Click "Delete".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Scan reports".
  • Report how the computer is running now.





3.) ESET Online Scan
ESET Online Scanner
Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Check the box at "Yes, I accept the Terms of Use".
  • Press the button.
  • Wait until the components have been downloaded.
  • Check the box at "Scan archives".
  • Make sure that no check mark is set at "Remove found threats".
  • Press the button.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.





In your next reply, please post:
  • The log file from Malwarebytes Antimalware (step 2)
  • The log file from the ESET online scan (step 3)
__________________
Regards, rea


01.01.2011, 16:58   #13
dmw

Sorry, I can't cope with this trusted zone...
I download it, extract it, have trusted..bat on the desktop:
double-clicking the bat opens a window,
I enter '1' and 'enter' as requested,
then text rushes through the window, too fast to read anything,
then a restart follows,
after that 'trusted' does nothing anymore,
on double-clicking the .bat again, the same thing happens;
I get (apart from at the beginning, enter 1) no instructions at all,
and there is also no log to be seen after the restart.

01.01.2011, 22:24   #14
rea
/// Helper Team

Sounds as if it ran completely normally. I will check later whether it was successful; carry on with Malwarebytes then.
__________________
Regards, rea


01.01.2011, 22:58   #15
dmw

I really don't want to be a nuisance, but now I also have a problem with Malwarebytes:
Relatively fresh download from 30.12., database version 5426;
when I search for updates via the 'Update' tab, this error message appears:
PROGRAM_ERROR_UPDATING (12029, 0, WinHttpSendRequest)

When I click the link 'Click...to download latest version', this error message appears:
'Bei der Weitergabe des Befehls an das Programm ist ein Fehler aufgetreten'

In the meantime I also have problems with the touchpad, which suddenly interprets a light tap as a mouse click, although I had turned that off (with synaptech) long ago.
I could no longer find the program (synaptech), so I downloaded it again (via HP support/drivers). During installation I was asked to uninstall the old program first. I then did find it in Settings/Control Panel/Uninstall a program:

When I try to uninstall it, Windows asks me to log on as admin - but I am logged on as admin!
I don't understand anything anymore - should I just throw the notebook away?
